Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1559391
MD5: e0b2866c4c2494645e94b5ef38b9acb8
SHA1: 8d02c7748efffea787b8727fcc4a8b9545fa02ce
SHA256: ec37f3c2bc73ce7470c4a6619f4fe4ff973e835156cc466f8d9de64cf233661d
Tags: exe, user-Bitsight

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 1492 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E0B2866C4C2494645E94B5EF38B9ACB8)
    • taskkill.exe (PID: 3796 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5344 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4780 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3544 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3816 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 2848 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 5260 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6916 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5112 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d3b9a08-6fb8-422b-b765-a43db8b920aa} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" 2c215b6ef10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7588 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3816 -parentBuildID 20230927232528 -prefsHandle 3788 -prefMapHandle 3896 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1235fb2f-2ad4-4d0b-85b2-34b26d7e737e} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" 2c2281e5310 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 1600 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 5052 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffc7800e-51e3-45ac-bcdd-0eb239f79988} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" 2c22e35cf10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Yara matches (Source | Rule | Description | Author | Strings):
Process Memory Space: file.exe PID: 1492 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: file.exe | ReversingLabs: Detection: 28%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.3% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50815 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50820 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50824 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50909 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50920 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50922 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:51008 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:51007 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.6:51009 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:51014 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:51015 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:51016 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:51021 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 142.250.65.238:443 -> 192.168.2.6:51905 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:51966 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:51964 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:51965 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:51962 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:51963 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:51967 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:51968 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:51969 version: TLS 1.2
    Source: Binary string: webauthn.pdb | source: firefox.exe, 0000000E.00000003.2391010788.000002C22A601000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV | source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL | source: firefox.exe, 0000000E.00000003.2433038756.000002C2257BE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb | source: firefox.exe, 0000000E.00000003.2432663150.000002C2257B3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb | source: firefox.exe, 0000000E.00000003.2433038756.000002C2257BE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb | source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL | source: firefox.exe, 0000000E.00000003.2391010788.000002C22A601000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP | source: firefox.exe, 0000000E.00000003.2432663150.000002C2257B3000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0088DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0088DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0085C2A2 FindFirstFileExW,0_2_0085C2A2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008968EE FindFirstFileW,FindClose,0_2_008968EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0089698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0089698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0088D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0088D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0088D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0088D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00899642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00899642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0089979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0089979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00899B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00899B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00895C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00895C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 214MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 151.101.1.91
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.65.238 (8 identical entries)
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (42 identical entries)
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0089CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0089CE44
    Source: global traffic | HTTP traffic detected (18 identical requests):
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected (18 identical requests):
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2429129792.000002C22761C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2273078856.000002C22F5DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2373208475.000002C22F5DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2429129792.000002C22761C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427860763.000002C227ACA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2425365023.000002C22862E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414906602.000002C228628000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2425365023.000002C22862E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414906602.000002C228628000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2273078856.000002C22F5DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2373208475.000002C22F5DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413000905.000002C2295CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329C03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413000905.000002C2295CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329C03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413000905.000002C2295CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329C03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000014.00000002.3446763241.000001CAEBB0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000014.00000002.3446763241.000001CAEBB0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000014.00000002.3446763241.000001CAEBB0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/nj` equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2428881547.000002C2276BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429129792.000002C22761C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2429037324.000002C227674000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: dualstack.reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
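Every entry in this part of the report is attributed to firefox.exe (processes 0xE, 0x10, 0x12 and 0x14) or to a dropped Firefox component (gmpopenh264.dll.tmp, mozilla-temp-41), not to file.exe itself, so the "Connects to many different domains" signature is largely fed by the browser's own baseline: update, remote-settings, telemetry and captive-portal hosts under mozilla.com/mozilla.org/mozilla.net/mozgcp.net, the per-locale default new-tab tile lists that produce the "equals www.youtube.com (Youtube)" hits, and their CDN targets. A second caveat applies to the URL strings below that end in "crt0", "crl0(", "com0A" and the like: those come out of DER-encoded certificate data, where the IA5String URI is immediately followed by the next element's tag byte (0x30, SEQUENCE, which prints as "0") and its one-byte length, so the trailing characters are encoding residue rather than part of the URL. The following Python is an added triage helper written for this page, not Joe Sandbox code; the Mozilla service suffixes, the tile-domain set and the ipv4only.arpa explanation (RFC 7050 NAT64 discovery) are assumptions, and the sample lines are a constructed subset of the report copied in the "Source | detail" form used above.

```python
"""Triage the flattened 'Source: <src> | <category>: <value>' lines of a Joe Sandbox report."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: a subset of the report's own lines.
SAMPLE_LINES = """\
Source: global traffic | DNS traffic detected: DNS query: youtube.com
Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
Source: global traffic | DNS traffic detected: DNS query: dualstack.reddit.map.fastly.net
Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 0000000E.00000003.2418195021.000002C230258000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2005/app-updatex
"""

LINE_RE = re.compile(r"^Source:\s*(?P<src>.+?)\s*\|\s*(?P<cat>[^:]+):\s*(?P<val>.*)$")

# Assumption: suffixes of Mozilla-operated services a stock Firefox contacts on its own
# (updates, remote settings, telemetry, captive-portal probe, Pocket/tile content).
FIREFOX_SERVICE_SUFFIXES = (".mozilla.com", ".mozilla.org", ".mozilla.net",
                            ".mozgcp.net", ".firefox.com", ".getpocket.com")
# Registrable domains of the default new-tab tiles listed in the report's strings.
NEWTAB_TILE_DOMAINS = {"youtube.com", "facebook.com", "wikipedia.org",
                       "reddit.com", "amazon.com", "twitter.com"}
# Assumption: ipv4only.arpa is the RFC 7050 NAT64 prefix-discovery name, a resolver probe.
RESOLVER_PROBES = {"ipv4only.arpa"}

# '0' is the DER SEQUENCE tag (0x30) that follows a URI in X.509 data; the optional
# printable byte after it is that element's length. Only a TLD or certificate-file
# suffix directly followed by this pattern is stripped, so normal URLs pass unchanged.
DER_TAIL = re.compile(r"(\.(?:crl|crt|cer|com|net|org))0[ -~]?$")


def parse_line(line):
    """Return (source, category, value) for one report line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, cat, val = m.group("src"), m.group("cat"), m.group("val")
    if cat == "DNS traffic detected" and val.startswith("DNS query: "):
        val = val[len("DNS query: "):]
    return src, cat, val


def classify_dns(name):
    """Bucket a queried name: resolver-probe, firefox-service, newtab-tile, or review."""
    name = name.lower().rstrip(".")
    if name in RESOLVER_PROBES:
        return "resolver-probe"
    if any(name.endswith(s) or name == s[1:] for s in FIREFOX_SERVICE_SUFFIXES):
        return "firefox-service"
    if ".".join(name.split(".")[-2:]) in NEWTAB_TILE_DOMAINS:
        return "newtab-tile"
    return "review"


def strip_der_tail(url):
    """Drop the '0<len>' residue left on URLs extracted from DER-encoded certificates."""
    return DER_TAIL.sub(r"\1", url)


def triage(lines):
    """Group DNS queries by bucket, normalise URL strings, and list the attributed sources."""
    out = defaultdict(set)
    for line in lines.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, cat, val = rec
        out["sources"].add(src.split(",")[0].strip())      # process or dropped-file name
        if cat == "DNS traffic detected":
            out["dns:" + classify_dns(val)].add(val)
        elif cat == "String found in binary or memory" and val.startswith(("http://", "https://")):
            url = strip_der_tail(val)
            if urlsplit(url).hostname:
                out["url"].add(url)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for bucket, items in sorted(triage(SAMPLE_LINES).items()):
        print(bucket)
        for item in items:
            print("   ", item)
```

Only the "dns:review" bucket needs analyst attention; on the sample it holds just dualstack.reddit.map.fastly.net, which the report resolves right after www.reddit.com and which an analyst would fold into the tile traffic by correlating CNAME targets. Whether the attribution is to the sample itself is checked from the "sources" bucket: if file.exe never appears there, nothing in the section is the sample's own string or traffic.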
    Source: firefox.exe, 0000000E.00000003.2421894346.000002C229C71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427459272.000002C227F97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000E.00000003.2405239648.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2403387319.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 0000000E.00000003.2405239648.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2403387319.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 0000000E.00000003.2405239648.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2403387319.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 0000000E.00000003.2405239648.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2403387319.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000E.00000003.2432752919.000002C22578E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431608888.000002C22578E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2433799093.000002C22578E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431162770.000002C22578E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000E.00000003.2432752919.000002C22578E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431608888.000002C22578E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2433799093.000002C22578E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431162770.000002C22578E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-assured-
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391787367.000002C22577F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000E.00000003.2428881547.000002C227699000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414906602.000002C228628000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2383423990.000002C22E8FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429279112.000002C227612000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261217347.000002C2282BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2425740644.000002C2282BB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000E.00000003.2419699402.000002C22E0B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000E.00000003.2429129792.000002C22761C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413320396.000002C2295AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000E.00000003.2429037324.000002C227674000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2420442533.000002C22DCB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-04/schema#
    Source: firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-06/schema#
    Source: firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-07/schema#-
    Source: firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2338295807.000002C22949E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000E.00000003.2424087458.000002C2286BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2446251315.000002C22977D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272686574.000002C22799B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270026875.000002C2278AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2371108657.000002C22DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2355284152.000002C227874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2345476562.000002C227955000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2344145063.000002C2275C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240502191.000002C2259C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413761247.000002C2291EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2421027655.000002C22DC26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2343531360.000002C2273D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427215955.000002C228068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2235200053.000002C225C51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257047362.000002C22DECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2353594284.000002C227895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321238097.000002C229782000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2388318722.000002C225CD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392241593.000002C225982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330880648.000002C227830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330880648.000002C227829000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392377325.000002C225774000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391787367.000002C22577F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 0000000E.00000003.2393574340.000002C225773000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392377325.000002C225774000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391787367.000002C22577F000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000E.00000003.2432752919.000002C22578E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431608888.000002C22578E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391211363.000002C22576E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391316366.000002C22577D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2433799093.000002C22578E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431162770.000002C22578E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000E.00000003.2418195021.000002C230258000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000E.00000003.2405239648.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2403387319.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 0000000E.00000003.2261217347.000002C2282C4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: mozilla-temp-41.14.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000E.00000003.2232982052.000002C225B52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232778151.000002C225B31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232589564.000002C225B0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232421790.000002C225900000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000E.00000003.2427860763.000002C227A7B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000E.00000003.2428759602.000002C2276F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000E.00000003.2407662742.000002C22DD6A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-users/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000E.00000003.2427860763.000002C227AF9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.2419852869.000002C22E02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E028000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2406064782.000002C22E0D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.2421894346.000002C229C71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261187976.000002C2282ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000010.00000002.3447507908.00000290FE2C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3451521960.000001CAEBE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
    Source: firefox.exe, 00000010.00000002.3447507908.00000290FE2C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3451521960.000001CAEBE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
    Source: firefox.exe, 0000000E.00000003.2417405676.000002C22818B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000E.00000003.2272686574.000002C22799B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2232982052.000002C225B52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232778151.000002C225B31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232589564.000002C225B0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232421790.000002C225900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2419805920.000002C22E099000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3447507908.00000290FE2C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3451521960.000001CAEBE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
    Source: firefox.exe, 00000010.00000002.3447507908.00000290FE2C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3451521960.000001CAEBE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000E.00000003.2261465972.000002C2282A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2425740644.000002C2282A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2416360681.000002C2282A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2407244897.000002C22DDEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2422386173.000002C22919F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261187976.000002C2282ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2376238549.000002C227339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2330880648.000002C227829000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.2445831392.000002C22596F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240502191.000002C225963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2371190685.000002C2275E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232982052.000002C225B52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379799514.000002C22596F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274221681.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2403387319.000002C22E321000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232778151.000002C225B31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2354992972.000002C2275DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2339150358.000002C225959000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275499634.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2344145063.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232589564.000002C225B0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2346356962.000002C2275DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232421790.000002C225900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272441276.000002C2275DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.2418195021.000002C230216000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329C12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBB13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2262561006.000002C22E4CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263965701.000002C22734C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 0000000E.00000003.2262561006.000002C22E4E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262561006.000002C22E4CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263965701.000002C22734C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.2381840338.000002C22F817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2405239648.000002C22E396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000E.00000003.2418195021.000002C230216000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329C12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBB13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBBC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 0000000E.00000003.2413000905.000002C2295FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBBC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000014.00000002.3446763241.000001CAEBB30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 0000000E.00000003.2413000905.000002C2295FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBBC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000E.00000003.2407662742.000002C22DD6A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 0000000E.00000003.2413000905.000002C2295FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBBC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000E.00000003.2371108657.000002C22DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369746385.000002C22DEA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257047362.000002C22DEB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000E.00000003.2371108657.000002C22DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369746385.000002C22DEA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257047362.000002C22DEB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000E.00000003.2232778151.000002C225B31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232589564.000002C225B0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232421790.000002C225900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000E.00000003.2381448928.000002C22F850000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000E.00000003.2374638227.000002C22757C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2376238549.000002C227339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000E.00000003.2403325023.000002C22E863000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 0000000E.00000003.2407515918.000002C22DD95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.14.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000E.00000003.2401360058.000002C22F3D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2382862372.000002C22F3CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374261323.000002C22F3CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2418195021.000002C230258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBBF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000E.00000003.2372422458.000002C22F66F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/a97e714a-7343-49f7-be9c-55d63
    Source: firefox.exe, 0000000E.00000003.2406064782.000002C22E0D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/top-sites/1/d3698c60-da91-4f8c-b7c7-e1
    Source: firefox.exe, 0000000E.00000003.2429129792.000002C22761C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/eca12d22-7e47-403b
    Source: firefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2419805920.000002C22E099000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
    Source: firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
    Source: firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
    Source: firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
    Source: firefox.exe, 0000000E.00000003.2407662742.000002C22DD40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000E.00000003.2259109439.000002C22DF51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000E.00000003.2232982052.000002C225B52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232778151.000002C225B31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232589564.000002C225B0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232421790.000002C225900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274221681.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232778151.000002C225B31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2354992972.000002C2275DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275499634.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2344145063.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232589564.000002C225B0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2346356962.000002C2275DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232421790.000002C225900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272441276.000002C2275DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000E.00000003.2413000905.000002C2295CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2275304244.000002C2279CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 0000000E.00000003.2275304244.000002C2279CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000E.00000003.2410779067.000002C22DC37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2373208475.000002C22F59F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2405239648.000002C22E3A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
    Source: firefox.exe, 0000000E.00000003.2262561006.000002C22E4E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262561006.000002C22E4CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2263965701.000002C22734C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000E.00000003.2405239648.000002C22E3A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
    Source: firefox.exe, 0000000E.00000003.2405239648.000002C22E3A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402457859.000002C22E8A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000010.00000002.3447507908.00000290FE2C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBBF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000014.00000002.3446763241.000001CAEBBF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox//
    Source: firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419699402.000002C22E0B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419699402.000002C22E0B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000E.00000003.2428995253.000002C22768E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 00000010.00000002.3447507908.00000290FE2C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3451521960.000001CAEBE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
    Source: firefox.exe, 0000000E.00000003.2429037324.000002C227663000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419699402.000002C22E0B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 00000014.00000002.3446763241.000001CAEBB0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 0000000E.00000003.2421894346.000002C229C71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273078856.000002C22F5DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2373208475.000002C22F5DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000E.00000003.2373208475.000002C22F5A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418195021.000002C230258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427215955.000002C228053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.14.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000014.00000002.3450936428.000001CAEBCE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://ac
    Source: firefox.exe, 00000010.00000002.3446971734.00000290FDF5A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3445837294.000001CAEB82A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.googl
    Source: firefox.exe, 0000000E.00000003.2421894346.000002C229C71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2424087458.000002C2286F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2352202503.000002C227E77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330199920.000002C227E6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414906602.000002C2286F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322790690.000002C227E6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446971734.00000290FDF50000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3451766948.00000290FE314000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446971734.00000290FDF5A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3444933242.000001D329A1A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3445374396.000001D329A84000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3444933242.000001D329A10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3445837294.000001CAEB820000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3445837294.000001CAEB82A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450936428.000001CAEBCE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000C.00000002.2221420436.000001BF19449000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2227661345.000001B98B99E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 0000000E.00000003.2429408941.000002C22578F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446971734.00000290FDF50000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3451766948.00000290FE314000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3445374396.000001D329A84000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3444933242.000001D329A10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3445837294.000001CAEB820000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450936428.000001CAEBCE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: C:\Users\user\Desktop\file.exe; Code function 0_2_0089EAFF: OpenClipboard, IsClipboardFormatAvailable, IsClipboardFormatAvailable, GetClipboardData, CloseClipboard, GlobalLock, CloseClipboard, GlobalUnlock, IsClipboardFormatAvailable, GetClipboardData, GlobalLock, GlobalUnlock, IsClipboardFormatAvailable, GetClipboardData, GlobalLock, DragQueryFileW, DragQueryFileW, DragQueryFileW, GlobalUnlock, CountClipboardFormats, CloseClipboard
    Source: C:\Users\user\Desktop\file.exe; Code function 0_2_0089ED6A: OpenClipboard, EmptyClipboard, GlobalAlloc, GlobalLock, GlobalUnlock, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard
    Source: C:\Users\user\Desktop\file.exe; Code function 0_2_0088AA57: GetKeyboardState, SetKeyboardState, PostMessageW, SendInput
    Source: C:\Users\user\Desktop\file.exe; Code function 0_2_008B9576: DefDlgProcW, SendMessageW, GetWindowLongW, SendMessageW, SendMessageW, GetKeyState, GetKeyState, GetKeyState, SendMessageW, GetKeyState, SendMessageW, SendMessageW, SendMessageW, ImageList_SetDragCursorImage, ImageList_BeginDrag, SetCapture, ClientToScreen, ImageList_DragEnter, InvalidateRect, ReleaseCapture, GetCursorPos, ScreenToClient, SendMessageW, SendMessageW, SendMessageW, SendMessageW, SendMessageW, SendMessageW, SendMessageW, GetCursorPos, ScreenToClient, GetParent, SendMessageW, SendMessageW, ClientToScreen, TrackPopupMenuEx, SendMessageW, SendMessageW, ClientToScreen, TrackPopupMenuEx, GetWindowLongW

    System Summary

    Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001D32A1DAEF2 NtQuerySystemInformation,18_2_000001D32A1DAEF2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001D32A1D24B7 NtQuerySystemInformation,18_2_000001D32A1D24B7
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0088D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0088D5EB
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00881201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00881201
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0088E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0088E8F6
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00892046 0_2_00892046
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00828060 0_2_00828060
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00888298 0_2_00888298
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0085E4FF 0_2_0085E4FF
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0085676B 0_2_0085676B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008B4873 0_2_008B4873
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0084CAA0 0_2_0084CAA0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0082CAF0 0_2_0082CAF0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0083CC39 0_2_0083CC39
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00856DD9 0_2_00856DD9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008291C0 0_2_008291C0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0083B119 0_2_0083B119
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00841394 0_2_00841394
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0084781B 0_2_0084781B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00827920 0_2_00827920
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0083997D 0_2_0083997D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00847A4A 0_2_00847A4A
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00847CA7 0_2_00847CA7
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00859EEE 0_2_00859EEE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008ABE44 0_2_008ABE44
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001D32A1DAEF2 18_2_000001D32A1DAEF2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001D32A1DAF32 18_2_000001D32A1DAF32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001D32A1DB61C 18_2_000001D32A1DB61C
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001D32A1D24B7 18_2_000001D32A1D24B7
    Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00829CB3 appears 31 times
    Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00840A30 appears 46 times
    Source: C:\Users\user\Desktop\file.exe | Code function: String function: 0083F9F2 appears 40 times
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal72.troj.evad.winEXE@34/34@66/13
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008937B5 GetLastError,FormatMessageW,0_2_008937B5
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008810BF AdjustTokenPrivileges,CloseHandle,0_2_008810BF
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008816C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_008816C3
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008951CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_008951CD
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0088D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0088D4DC
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0089648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0089648E
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008242A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_008242A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6684:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6600:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6208:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6484:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2426792549.000002C22813D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2429129792.000002C227638000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: file.exe | ReversingLabs: Detection: 28%
    Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d3b9a08-6fb8-422b-b765-a43db8b920aa} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" 2c215b6ef10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3816 -parentBuildID 20230927232528 -prefsHandle 3788 -prefMapHandle 3896 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1235fb2f-2ad4-4d0b-85b2-34b26d7e737e} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" 2c2281e5310 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 5052 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffc7800e-51e3-45ac-bcdd-0eb239f79988} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" 2c22e35cf10 utility
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2391010788.000002C22A601000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2433038756.000002C2257BE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2432663150.000002C2257B3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2433038756.000002C2257BE000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2391010788.000002C22A601000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2432663150.000002C2257B3000.00000004.00000020.00020000.00000000.sdmp
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008242DE
    Source: gmpopenh264.dll.tmp.14.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00840A76 push ecx; ret 0_2_00840A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0083F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0083F98E
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008B1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_008B1C41
    Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000001D32A1DAEF2 rdtsc 18_2_000001D32A1DAEF2
    Source: C:\Users\user\Desktop\file.exe | API coverage: 3.6 %
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0088DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0088DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0085C2A2 FindFirstFileExW,0_2_0085C2A2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008968EE FindFirstFileW,FindClose,0_2_008968EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0089698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0089698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0088D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0088D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0088D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0088D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00899642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00899642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0089979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0089979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00899B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00899B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00895C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00895C97
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008242DE
    Source: firefox.exe, 00000012.00000002.3444933242.000001D329A1A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWPH/*
    Source: firefox.exe, 00000010.00000002.3452864840.00000290FE500000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3451353643.000001CAEBCF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3445837294.000001CAEB82A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3452195746.00000290FE41F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000010.00000002.3452864840.00000290FE500000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh
    Source: firefox.exe, 00000010.00000002.3452864840.00000290FE500000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
    Source: firefox.exe, 00000012.00000002.3451714261.000001D32A2F0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW}
    Source: firefox.exe, 00000012.00000002.3451714261.000001D32A2F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^{
    Source: firefox.exe, 00000010.00000002.3446971734.00000290FDF5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
    Source: firefox.exe, 00000012.00000002.3451714261.000001D32A2F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllB
    Source: firefox.exe, 00000010.00000002.3452864840.00000290FE500000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3451714261.000001D32A2F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000001D32A1DAEF2 rdtsc 18_2_000001D32A1DAEF2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0089EAA2 BlockInput,0_2_0089EAA2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00852622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00852622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008242DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00844CE8 mov eax, dword ptr fs:[00000030h]0_2_00844CE8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00880B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00880B62
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00852622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00852622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0084083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0084083F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008409D5 SetUnhandledExceptionFilter,0_2_008409D5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00840C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00840C21
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00881201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00881201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00862BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00862BA5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0088B226 SendInput,keybd_event,0_2_0088B226
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008A22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_008A22DA
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00880B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00880B62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00881663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00881663
    Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exeBinary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00840698 cpuid 0_2_00840698
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00898195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00898195
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0087D27A GetUserNameW,0_2_0087D27A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0085B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0085B952
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008242DE

    Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: file.exe PID: 1492, type: MEMORYSTR
Source: file.exe | Binary or memory string: WIN_81
Source: file.exe | Binary or memory string: WIN_XP
Source: file.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe | Binary or memory string: WIN_XPe
Source: file.exe | Binary or memory string: WIN_VISTA
Source: file.exe | Binary or memory string: WIN_7
Source: file.exe | Binary or memory string: WIN_8

    Remote Access Functionality

Source: Yara match | File source: Process Memory Space: file.exe PID: 1492, type: MEMORYSTR
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008A1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008A1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
ATT&CK matrix, listed per tactic. A technique flagged for this sample carries the count shown in the matrix in parentheses; entries without a count are the matrix's default placeholders.

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies, Network Topology, IP Addresses
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless, Malvertising, Compromise Infrastructure
Initial Access: Valid Accounts (2), Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise, Exploit Public-Facing Application, Supply Chain Compromise
Execution: Windows Management Instrumentation (1), Native API (1), At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job, Command and Scripting Interpreter, PowerShell
Persistence: DLL Side-Loading (1), Valid Accounts (2), Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At, Cron
Privilege Escalation: Exploitation for Privilege Escalation (1), DLL Side-Loading (1), Extra Window Memory Injection (1), Valid Accounts (2), Access Token Manipulation (21), Process Injection (2), Startup Items, Scheduled Task/Job, At, Cron
Defense Evasion: Disable or Modify Tools (2), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), DLL Side-Loading (1), Extra Window Memory Injection (1), Masquerading (1), Valid Accounts (2), Virtualization/Sandbox Evasion (1), Access Token Manipulation (21), Process Injection (2)
Credential Access: Input Capture (21), LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem, /etc/passwd and /etc/shadow, Network Sniffing
Discovery: System Time Discovery (2), Account Discovery (1), File and Directory Discovery (2), System Information Discovery (16), Security Software Discovery (131), Virtualization/Sandbox Evasion (1), Process Discovery (3), Application Window Discovery (1), System Owner/User Discovery (1), Network Service Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services, Direct Cloud VM Connections, Shared Webroot
Collection: Archive Collected Data (1), Input Capture (21), Clipboard Data (3), Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking, Data Staged, Local Data Staging
Command and Control: Ingress Tool Transfer (2), Encrypted Channel (12), Non-Application Layer Protocol (2), Application Layer Protocol (3), Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol, Web Protocols, File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol, Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot (1), Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement, Internal Defacement, External Defacement
Behavior Graph ID: 1559391 | Sample: file.exe | Start date: 20/11/2024 | Architecture: WINDOWS | Score: 72
Contacted from the graph root: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
Signatures at the graph root: Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; Binary is likely a compiled AutoIt script file; 2 other signatures

Process tree recovered from the behavior graph:

• file.exe (signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection)
  • taskkill.exe
    • conhost.exe
  • taskkill.exe
    • conhost.exe
  • taskkill.exe
    • conhost.exe
  • 3 other processes
    • conhost.exe
    • conhost.exe
• firefox.exe
  • firefox.exe (contacts youtube.com 142.250.186.142, 443, 50809, 50810 GOOGLEUS United States; 142.250.65.238, 443, 51905 GOOGLEUS United States; 11 other IPs or domains; dropped C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ and C:\Users\user\...\gmpopenh264.dll (copy), PE32+)
    • firefox.exe
    • firefox.exe
    • firefox.exe

Source | Detection | Scanner | Label | Link
file.exe | 29% | ReversingLabs | Win32.Trojan.AutoitInject |
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                            high
                                                                                                            https://youtube.com/firefox.exe, 0000000E.00000003.2373208475.000002C22F5A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418195021.000002C230258000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427215955.000002C228053000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://content-signature-2.cdn.mozilla.net/firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://json-schema.org/draft/2020-12/schema/=firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://youtube.com/account?=https://acfirefox.exe, 00000014.00000002.3450936428.000001CAEBCE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.instagram.com/firefox.exe, 0000000E.00000003.2275304244.000002C2279CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.14.drfalse
                                                                                                                              high
                                                                                                                              https://ok.ru/firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.amazon.com/firefox.exe, 0000000E.00000003.2425365023.000002C22862E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414906602.000002C228628000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419699402.000002C22E0B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.youtube.com/firefox.exe, 00000014.00000002.3446763241.000001CAEBB0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.2373208475.000002C22F567000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBBC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://127.0.0.1:firefox.exe, 0000000E.00000003.2421894346.000002C229C71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427459272.000002C227F97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2330880648.000002C227829000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://bugzilla.mofirefox.exe, 0000000E.00000003.2417405676.000002C22818B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://youtube.com/account?=https://accounts.googlfirefox.exe, 00000010.00000002.3446971734.00000290FDF5A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3445837294.000001CAEB82A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.2421272582.000002C229CEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329C12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBB13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.iqiyi.com/firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.2405239648.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2403387319.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.2424087458.000002C2286BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2446251315.000002C22977D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272686574.000002C22799B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270026875.000002C2278AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2371108657.000002C22DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2355284152.000002C227874000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2345476562.000002C227955000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2344145063.000002C2275C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240502191.000002C2259C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413761247.000002C2291EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2421027655.000002C22DC26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2343531360.000002C2273D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427215955.000002C228068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2235200053.000002C225C51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257047362.000002C22DECB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2353594284.000002C227895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2321238097.000002C229782000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2388318722.000002C225CD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2392241593.000002C225982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330880648.000002C227830000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330880648.000002C227829000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://www.zhihu.com/firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://a9.com/-/spec/opensearch/1.1/firefox.exe, 0000000E.00000003.2405239648.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2403387319.000002C22E3CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
https://blocked.cdn.mozilla.net/ | firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
https://json-schema.org/draft/2019-09/schema | firefox.exe, 0000000E.00000003.2419805920.000002C22E099000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://profiler.firefox.com | firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
https://identity.mozilla.com/apps/relay | firefox.exe, 0000000E.00000003.2403325023.000002C22E863000.00000004.00000800.00020000.00000000.sdmp | false | high
https://mozilla.cloudflare-dns.com/dns-query | firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2 | firefox.exe, 0000000E.00000003.2422386173.000002C229167000.00000004.00000800.00020000.00000000.sdmp | false | high
https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/ | firefox.exe, 0000000E.00000003.2382716657.000002C22F641000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372787128.000002C22F641000.00000004.00000800.00020000.00000000.sdmp | false | high
https://contile.services.mozilla.com/v1/tiles | firefox.exe, 0000000E.00000003.2422386173.000002C22919F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261187976.000002C2282ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
https://www.amazon.co.uk/ | firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmp | false | high
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/ | firefox.exe, 0000000E.00000003.2405239648.000002C22E396000.00000004.00000800.00020000.00000000.sdmp | false | high
https://monitor.firefox.com/user/preferences | firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
https://screenshots.firefox.com/ | firefox.exe, 0000000E.00000003.2232421790.000002C225900000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.google.com/search | firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274221681.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232778151.000002C225B31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2354992972.000002C2275DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275499634.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2344145063.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232589564.000002C225B0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2346356962.000002C2275DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232421790.000002C225900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2272441276.000002C2275DC000.00000004.00000800.00020000.00000000.sdmp | false | high
https://relay.firefox.com/api/v1/ | firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
http://json-schema.org/draft-07/schema#- | firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report | firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
https://topsites.services.mozilla.com/cid/ | firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
https://www.wykop.pl/ | firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419699402.000002C22E0B1000.00000004.00000800.00020000.00000000.sdmp | false | high
https://twitter.com/ | firefox.exe, 0000000E.00000003.2425365023.000002C22862E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414906602.000002C228628000.00000004.00000800.00020000.00000000.sdmp | false | high
https://vk.com/ | firefox.exe, 0000000E.00000003.2427459272.000002C227FBB000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.olx.pl/ | firefox.exe, 0000000E.00000003.2406064782.000002C22E0E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260981192.000002C22E0EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419102605.000002C22E0E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419699402.000002C22E0B1000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_ | firefox.exe, 00000010.00000002.3447507908.00000290FE2C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3451521960.000001CAEBE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | false | high
https://www.google.com/complete/search | firefox.exe, 0000000E.00000003.2259109439.000002C22DF51000.00000004.00000800.00020000.00000000.sdmp | false | high
https://watch.sling.com/ | firefox.exe, 0000000E.00000003.2428995253.000002C22768E000.00000004.00000800.00020000.00000000.sdmp | false | high
https://getpocket.com/firefox/new_tab_learn_more/ | firefox.exe, 0000000E.00000003.2407442306.000002C22DDAD000.00000004.00000800.00020000.00000000.sdmp | false | high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | firefox.exe, 00000010.00000002.3447507908.00000290FE2C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3451521960.000001CAEBE03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | false | high
https://www.google.com/complete/ | firefox.exe, 0000000E.00000003.2407662742.000002C22DD40000.00000004.00000800.00020000.00000000.sdmp | false | high
https://json-schema.org/draft/2019-09/schema./ | firefox.exe, 0000000E.00000003.2403387319.000002C22E378000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418737633.000002C22E378000.00000004.00000800.00020000.00000000.sdmp | false | high
https://getpocket.com/recommendations | firefox.exe, 0000000E.00000003.2413000905.000002C2295FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3446654435.000001D329CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3446763241.000001CAEBBC4000.00000004.00000800.00020000.00000000.sdmp | false | high
https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts | firefox.exe, 0000000E.00000003.2371108657.000002C22DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369746385.000002C22DEA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257047362.000002C22DEB9000.00000004.00000800.00020000.00000000.sdmp | false | high
https://webextensions.settings.services.mozilla.com/v1 | firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts | firefox.exe, 0000000E.00000003.2371108657.000002C22DEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369746385.000002C22DEA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2257047362.000002C22DEB9000.00000004.00000800.00020000.00000000.sdmp | false | high
https://mochitest.youtube.com/ | firefox.exe, 0000000E.00000003.2275304244.000002C2279CD000.00000004.00000800.00020000.00000000.sdmp | false | high
https://youtube.com | firefox.exe, 0000000E.00000003.2421894346.000002C229C71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273078856.000002C22F5DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2373208475.000002C22F5DF000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration | firefox.exe, 00000010.00000002.3446763836.00000290FDED0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3450244035.000001D32A160000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3446418350.000001CAEB950000.00000002.10000000.00040000.00000000.sdmp | false | high
https://www.amazon.de/ | firefox.exe, 0000000E.00000003.2406064782.000002C22E08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2419699402.000002C22E0B1000.00000004.00000800.00020000.00000000.sdmp | false | high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
151.101.1.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
142.250.65.238 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.142 | youtube.com | United States | 15169 | GOOGLEUS | false
                                                                                                                                                                                                                                                                          35.201.103.21
                                                                                                                                                                                                                                                                          normandy-cdn.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          35.190.72.216
                                                                                                                                                                                                                                                                          prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          34.160.144.191
                                                                                                                                                                                                                                                                          prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                          2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                          34.120.208.123
                                                                                                                                                                                                                                                                          telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1559391
Start date and time: 2024-11-20 13:26:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/34@66/13
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 40
• Number of non-executed functions: 314
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.12.64.98, 35.80.238.59, 35.164.125.63, 216.58.206.78, 2.22.61.56, 2.22.61.59, 172.217.18.10, 172.217.16.202
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, detectportal.prod.mozaws.net, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
07:27:23 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      twitter.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                      star-mini.c10r.facebook.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.252.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                      FASTLYUSfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                      https://etiv-tcaer.vercel.app/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                      https://hffa.studycentrecpfc.com/D9ns6.studycentrecpfc.com/bUhZb/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                      WSock.dllGet hashmaliciousRamnitBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                      https://github.com/Ultimaker/Cura/releases/download/5.9.0/UltiMaker-Cura-5.9.0-win64-X64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      • 185.199.111.133
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      http://mt6j71.p1keesoulharmony.com/Get hashmaliciousHTMLPhisher, EvilProxyBrowse
                                                                                                                                                                                                                                                                                                                                      • 151.101.65.229
                                                                                                                                                                                                                                                                                                                                      GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.116.198.130
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):7946
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.173462921549669
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:IsBMX3D0cbhbVbTbfbRbObtbyEl7nsNfJA6unSrDtTkdxSofCI:tiYcNhnzFSJMNG1nSrDhkdx2I
                                                                                                                                                                                                                                                                                                                                                          MD5:57EF0C9848287159BBEB0788189136DA
                                                                                                                                                                                                                                                                                                                                                          SHA1:0C88F379EB519E71B835D075CA0A88D57DCF4F28
                                                                                                                                                                                                                                                                                                                                                          SHA-256:5A122FA0AB02302DAE338125D4BFABCE8AD8D3F1F2325DF9947E10B1CBE0C14A
                                                                                                                                                                                                                                                                                                                                                          SHA-512:28A7C0883544DF52EBEA9AC17AD9C3A90AB75B6E1E847F495B6C3722A70F9D57E8B523A3F32FA1349B078BDED8C0BB1C5D9E914259C5E1F8981A4B8A5447C194
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"type":"uninstall","id":"bfe45395-b515-419c-b8d8-e559f2e6fb96","creationDate":"2024-11-20T14:08:18.003Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                          MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                          MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                          SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                          SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                          SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4419
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.930931325656252
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLq+Y38P:gXiNFS+OcUGOdwiOdwBjkYLq+Y38P
                                                                                                                                                                                                                                                                                                                                                          MD5:255F1F712856321E87F71BC7AB207AEB
                                                                                                                                                                                                                                                                                                                                                          SHA1:46E535ABF31F0DFACD726084FA7A0601F2FE2F3F
                                                                                                                                                                                                                                                                                                                                                          SHA-256:B02033D460FBA6241207F04ADE664FC874DC57C0857C5213029F19F61C19AE7C
                                                                                                                                                                                                                                                                                                                                                          SHA-512:2E7CF1544C9B3F01FDF7D77C89B2254DD6D3D730FCFDFB48F6913BFC34077D495BF7335B40E03FF80FBB0D3C00E9DBFE077507ACE364DDD884AA543EB02789B9
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                          MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                          SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                          SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                          SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                          MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                          SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                          SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                          SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185052013683835
Encrypted:false
SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
MD5:10E2D85FEF0DB266E519048D63617FA8
SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0733117092728705
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiVgv:DLhesh7Owd4+ji
                                                                                                                                                                                                                                                                                                                                                          MD5:C8A1B1A297ADE8DC2C415DBB8427C146
                                                                                                                                                                                                                                                                                                                                                          SHA1:98D554FA66C7A74A3E63DE0BB1808E66033765DA
                                                                                                                                                                                                                                                                                                                                                          SHA-256:2487F1809534E57C7B825CB38BC3189C28C0AC52673C7F4AB01ABD7F8DDE298C
                                                                                                                                                                                                                                                                                                                                                          SHA-512:C9F32E94FB54C46B8CF1E1DA38322CD26A16CDF1A74BFA9AF25279B9D00A5DE0F1445A1AF37C888D799A47CCD68AEFD97AE585B2460AFE3AD5EBC7D1E288CFD6
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.035287661275580785
Encrypted:false
SSDEEP:3:GtlstFd/vLILCKRbBIPlstFd/vLILCKRbLlllJ89//alEl:GtWt05Rb+PWt05Rb389XuM
MD5:A74FF2C998350F265084BE05A07EF84C
SHA1:D84D05B143FAE2E833982D02A8F15596C9B14098
SHA-256:675099660D8EA3D225EDD5BD97F24E9509830F53CD979179905B487E69BD1CCC
SHA-512:492E5286A51103C68923D39039750710959D359024120B5FA313DE2567FB57DDF956BCCEF7350D4E11A339BE0E2EDE652677192379FFAF427A956C922FE6ADC3
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):32824
Entropy (8bit):0.034843271510462306
Encrypted:false
SSDEEP:3:Ol1owCfZ3l2NVLCPO5T6a5SrV//mwl8XW3R2:KavJgHqFJpuw93w
MD5:BC190FBEE69B00AB620151FF3132F518
SHA1:43A9B79DAE68CC6E17EBB2D3EBB0B54C08DFFF6A
SHA-256:9EDE26D0D789F3D79884AAA474A58E975D2596B1AB7EF4148C3240C6D8B2046E
SHA-512:11145BBB82ECC66FD32F0D6AF6C9EAB4771249D1407E45F00EC816718097733EFCD51C05056A3A9FC1A1AC25DD089D9F5E937E7971D8EEEF132CEC74E5442EA4
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1717), with CRLF line terminators
Category:dropped
Size (bytes):14081
Entropy (8bit):5.465330958049721
Encrypted:false
SSDEEP:192:OnTFTRRUYbBp6aLZNMGaX16qU4t4zy+/3/7qWgS5RYiNBw8d5Sl:UKe7FNMAOgyCq0dwi0
MD5:AE793BE9ACBB4AA920F7ABB4F361CE8C
SHA1:9011375EECF54787E0861059C0D1A22955298975
SHA-256:00F36D99457AA6F4E367FB9ACBA8EE95DA8D4A9173E966DB8623879E1CAB280E
SHA-512:91B6C16E0B8EB9B4C7A2FACDCE29F0AAE8F78B80BC9F9FC68601C9E559ADC15E60FCF0AE17D7347644BAF9905FBEC02BF91B0DDD3024B981B049A8A1F688CFE2
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732111668);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732111668);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732111668);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173211
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5:60C09456D6362C6FBED48C69AA342C3C
SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                          SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                          SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1572
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.341107327120134
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:v+USUGlcAxSnMLXnIgk/pnxQwRlszT5sKL0a3eHVvwKXT8GamhujJmyOOxmOm8i/:GUpOx0MEnR6d3eNwCT8G4JNgovRh4
                                                                                                                                                                                                                                                                                                                                                          MD5:BB9F6A7C1E399670B05DA91E4BDC6259
                                                                                                                                                                                                                                                                                                                                                          SHA1:09D41A9F45CC8D134668FC231BF16A91E6861F31
                                                                                                                                                                                                                                                                                                                                                          SHA-256:B245858948E4A5AC2BB7FDE3FFF54AB46F37EBB9C89E1B37699ED17901B20E85
                                                                                                                                                                                                                                                                                                                                                          SHA-512:DFE10F4243360B9D3A49C4F3382D48FC714CD05D93C698D5C7E4EE531826E8847ADB2BE45059208F18F432280C2678C7DCD8C46ED634A2F7AC66802E09FE3B3E
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{399b30ff-b74c-4925-bbe9-59a8dd180642}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732111672682,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..jUpdate...3,"startTim..P37646...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...47453,"originA...
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1572
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.341107327120134
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:v+USUGlcAxSnMLXnIgk/pnxQwRlszT5sKL0a3eHVvwKXT8GamhujJmyOOxmOm8i/:GUpOx0MEnR6d3eNwCT8G4JNgovRh4
                                                                                                                                                                                                                                                                                                                                                          MD5:BB9F6A7C1E399670B05DA91E4BDC6259
                                                                                                                                                                                                                                                                                                                                                          SHA1:09D41A9F45CC8D134668FC231BF16A91E6861F31
                                                                                                                                                                                                                                                                                                                                                          SHA-256:B245858948E4A5AC2BB7FDE3FFF54AB46F37EBB9C89E1B37699ED17901B20E85
                                                                                                                                                                                                                                                                                                                                                          SHA-512:DFE10F4243360B9D3A49C4F3382D48FC714CD05D93C698D5C7E4EE531826E8847ADB2BE45059208F18F432280C2678C7DCD8C46ED634A2F7AC66802E09FE3B3E
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{399b30ff-b74c-4925-bbe9-59a8dd180642}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732111672682,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..jUpdate...3,"startTim..P37646...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...47453,"originA...
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1572
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.341107327120134
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:v+USUGlcAxSnMLXnIgk/pnxQwRlszT5sKL0a3eHVvwKXT8GamhujJmyOOxmOm8i/:GUpOx0MEnR6d3eNwCT8G4JNgovRh4
                                                                                                                                                                                                                                                                                                                                                          MD5:BB9F6A7C1E399670B05DA91E4BDC6259
                                                                                                                                                                                                                                                                                                                                                          SHA1:09D41A9F45CC8D134668FC231BF16A91E6861F31
                                                                                                                                                                                                                                                                                                                                                          SHA-256:B245858948E4A5AC2BB7FDE3FFF54AB46F37EBB9C89E1B37699ED17901B20E85
                                                                                                                                                                                                                                                                                                                                                          SHA-512:DFE10F4243360B9D3A49C4F3382D48FC714CD05D93C698D5C7E4EE531826E8847ADB2BE45059208F18F432280C2678C7DCD8C46ED634A2F7AC66802E09FE3B3E
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{399b30ff-b74c-4925-bbe9-59a8dd180642}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732111672682,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..jUpdate...3,"startTim..P37646...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...47453,"originA...
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):2.042811512334329
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                          MD5:21235938025E2102017AC8C9748948A4
                                                                                                                                                                                                                                                                                                                                                          SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
                                                                                                                                                                                                                                                                                                                                                          SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
                                                                                                                                                                                                                                                                                                                                                          SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4411
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.009135798231767
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YrSAYlIHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJF4:yclICTEr5NfJzzcBvbw6Kkvrc2Rn27
                                                                                                                                                                                                                                                                                                                                                          MD5:1AD3213C8C48C6EFE92CC5D78024652E
                                                                                                                                                                                                                                                                                                                                                          SHA1:7DDADF3114BC86B556D2BF78C81F0AADFBD4818F
                                                                                                                                                                                                                                                                                                                                                          SHA-256:5A8FC5F139D49A703F47989B052A56442791EBB6B22F96AF59AF73EF335A4F72
                                                                                                                                                                                                                                                                                                                                                          SHA-512:3D71D696F3C4A944CD5ECC48C83C7011841DA92E9E934D5376692E10BDDC5868AE85BBC0FD57CE7FF17EC84C25920FF1D235C4E9FEDBEE187C9736C1C0658DB4
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-20T14:07:34.550Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4411
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.009135798231767
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YrSAYlIHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJF4:yclICTEr5NfJzzcBvbw6Kkvrc2Rn27
                                                                                                                                                                                                                                                                                                                                                          MD5:1AD3213C8C48C6EFE92CC5D78024652E
                                                                                                                                                                                                                                                                                                                                                          SHA1:7DDADF3114BC86B556D2BF78C81F0AADFBD4818F
                                                                                                                                                                                                                                                                                                                                                          SHA-256:5A8FC5F139D49A703F47989B052A56442791EBB6B22F96AF59AF73EF335A4F72
                                                                                                                                                                                                                                                                                                                                                          SHA-512:3D71D696F3C4A944CD5ECC48C83C7011841DA92E9E934D5376692E10BDDC5868AE85BBC0FD57CE7FF17EC84C25920FF1D235C4E9FEDBEE187C9736C1C0658DB4
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-20T14:07:34.550Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.591278096051155
                                                                                                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                          File name:file.exe
                                                                                                                                                                                                                                                                                                                                                          File size:922'112 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5:e0b2866c4c2494645e94b5ef38b9acb8
                                                                                                                                                                                                                                                                                                                                                          SHA1:8d02c7748efffea787b8727fcc4a8b9545fa02ce
                                                                                                                                                                                                                                                                                                                                                          SHA256:ec37f3c2bc73ce7470c4a6619f4fe4ff973e835156cc466f8d9de64cf233661d
                                                                                                                                                                                                                                                                                                                                                          SHA512:436b02c2a81107012408c130523f42b9d0ebc5977bee8f606c34511fd34f1dbfe7ec4c28e7222952d15f2eab1f05df790b48ed235dc75138eb311d0a68ebed65
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:zqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgavTB:zqDEvCTbMWu7rQYlBQcBiT6rprG8aLB
                                                                                                                                                                                                                                                                                                                                                          TLSH:7A159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13A81D79BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                          Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                          Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                          Time Stamp:0x673DD34E [Wed Nov 20 12:17:18 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
call 00007FA8D8DCD763h
jmp 00007FA8D8DCD06Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FA8D8DCD24Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FA8D8DCD21Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FA8D8DCFE0Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007FA8D8DCFE58h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007FA8D8DCFE41h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name                                    Virtual Address   Virtual Size   Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT            0x0               0x0
IMAGE_DIRECTORY_ENTRY_IMPORT            0xc8e64           0x17c          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE          0xd4000           0xa774         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION         0x0               0x0
IMAGE_DIRECTORY_ENTRY_SECURITY          0x0               0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC         0xdf000           0x7594         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG             0xb0ff0           0x1c           .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT         0x0               0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR         0x0               0x0
IMAGE_DIRECTORY_ENTRY_TLS               0xc3400           0x18           .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG       0xb1010           0x40           .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT      0x0               0x0
IMAGE_DIRECTORY_ENTRY_IAT               0x9c000           0x894          .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT      0x0               0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR    0x0               0x0
                                                                                                                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0xa774 | 0xa800 | 9a008e791c268e3dc6eadedd9accf16b | False | 0.3674897693452381 | data | 5.611158665733 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xdf000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
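The section table above is produced by walking IMAGE_SECTION_HEADER entries and measuring each section's raw bytes. The script below is an added example (not part of the Joe Sandbox report or its tooling) that does the same walk with only the standard library, decodes the characteristics bits the report prints, computes the Shannon entropy column, and layers two analyst heuristics on top that the report does not apply: a section that is both writable and executable, and a section whose bytes are near-random (entropy above 7.0), both of which usually mean code is unpacked or decrypted at runtime. The 7.0 threshold and the two-section PE32 skeleton it runs on are constructed for the demo; the skeleton is not a real binary and only the header fields the parser reads are populated.

```python
import math
import struct

# Section characteristic bits from winnt.h (the ones the report decodes)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
FLAG_NAMES = {
    IMAGE_SCN_CNT_CODE: "IMAGE_SCN_CNT_CODE",
    IMAGE_SCN_CNT_INITIALIZED_DATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    IMAGE_SCN_MEM_DISCARDABLE: "IMAGE_SCN_MEM_DISCARDABLE",
    IMAGE_SCN_MEM_EXECUTE: "IMAGE_SCN_MEM_EXECUTE",
    IMAGE_SCN_MEM_READ: "IMAGE_SCN_MEM_READ",
    IMAGE_SCN_MEM_WRITE: "IMAGE_SCN_MEM_WRITE",
}
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk the section table of a PE file held in memory and return, per section,
    the columns the report shows: name, VA, virtual size, raw size, entropy of the
    raw bytes and the decoded characteristics."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # IMAGE_FILE_HEADER follows the signature: NumberOfSections at +2 and
    # SizeOfOptionalHeader at +16; the section table follows the optional header.
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt
    sections = []
    for i in range(num_sections):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_HDR, pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "raw_size": raw_size,
            "entropy": shannon_entropy(raw), "chars": chars,
            "flags": [label for bit, label in FLAG_NAMES.items() if chars & bit],
        })
    return sections


def triage(sections: list) -> list:
    """Analyst heuristics layered on the table (assumptions, not report output)."""
    findings = []
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    for s in sections:
        if s["chars"] & wx == wx:
            findings.append(f"{s['name']}: writable and executable")
        if s["entropy"] > 7.0:  # threshold is a constructed rule of thumb
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f}, likely packed or encrypted")
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32 skeleton for the demo (not a real binary): DOS stub,
    PE signature, file header, zeroed optional header and two sections."""
    text = (b"\x55\x8b\xec\x5d\xc3" * 64).ljust(0x200, b"\0")  # repetitive 'code'
    packed = bytes(range(256)) * 2                              # uniform bytes
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                     # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    # Machine=i386, 2 sections, no timestamp/symbols, SizeOfOptionalHeader=0xE0,
    # Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    struct.pack_into("<H", hdr, 0x58, 0x10B)                    # PE32 magic
    table = 0x58 + 0xE0
    struct.pack_into(SECTION_HDR, hdr, table, b".text", len(text), 0x1000, len(text),
                     0x200, 0, 0, 0, 0,
                     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    struct.pack_into(SECTION_HDR, hdr, table + 40, b".pack", len(packed), 0x2000,
                     len(packed), 0x400, 0, 0, 0, 0,
                     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
                     | IMAGE_SCN_MEM_WRITE)
    return bytes(hdr) + text + packed


if __name__ == "__main__":
    secs = parse_sections(build_sample_pe())
    for s in secs:
        print(f"{s['name']:8} VA={s['va']:#07x} vsize={s['vsize']:#x} raw={s['raw_size']:#x} "
              f"entropy={s['entropy']:.3f} {', '.join(s['flags'])}")
    for line in triage(secs):
        print("!", line)
```

Applied to the table above, neither heuristic fires: no section is writable and executable, and the highest entropy is .reloc at 6.80, which is ordinary for relocation data. The low .data entropy (0.58) with a virtual size larger than its raw size is also normal: the tail is zero-initialised at load time. Replace `build_sample_pe()` with `open(path, "rb").read()` to run the parser on a real file.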
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x1a3c | data | | | 1.0016378796902918
RT_GROUP_ICON | 0xde1f4 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xde26c | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xde280 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xde294 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xde2a8 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xde384 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL: imported functions
WSOCK32.dll: gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll: timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll: ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll: WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll: HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL: GetProcessMemoryInfo
IPHLPAPI.DLL: IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll: DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll: IsThemeActive
KERNEL32.dll: DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll: GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.431328058 CET4435081634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.431406021 CET50816443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.436623096 CET50816443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.436630011 CET4435081634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.436733961 CET50816443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.436914921 CET4435081634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.437098980 CET50822443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.437131882 CET4435082234.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.437144041 CET50816443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.437212944 CET50822443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.438555002 CET50822443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.438570023 CET4435082234.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.455573082 CET4435081535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.455589056 CET4435081535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.455652952 CET50815443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.458880901 CET50815443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.458893061 CET4435081535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.459139109 CET4435081535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.462167978 CET50815443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.462259054 CET50815443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.462325096 CET4435081535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.462404966 CET50815443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.630160093 CET805081934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.631699085 CET5081980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.637428045 CET805081934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.644875050 CET4435082034.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.646569014 CET5081980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.646625996 CET50820443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.653244972 CET50820443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.653259993 CET4435082034.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.653605938 CET4435082034.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.656184912 CET50820443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.656317949 CET50820443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.656343937 CET4435082034.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.656771898 CET50824443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.656812906 CET4435082434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.662137032 CET50820443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.662152052 CET50820443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.662200928 CET50824443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.662547112 CET50824443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.662559032 CET4435082434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.220223904 CET4435082234.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.220340967 CET50822443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.220721006 CET4435082134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.224855900 CET50822443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.224868059 CET4435082234.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.224961042 CET50822443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.225052118 CET4435082234.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.225158930 CET50822443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.225398064 CET50821443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.229322910 CET50821443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.229335070 CET4435082134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.229441881 CET50821443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.229495049 CET4435082134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.231142998 CET4435082434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.232634068 CET50821443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.232671976 CET50824443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.265294075 CET50824443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.265325069 CET4435082434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.266218901 CET4435082434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.267565966 CET50824443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.267648935 CET50824443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.267996073 CET4435082434.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.271533012 CET50824443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.271550894 CET50824443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.434429884 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.439361095 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.446481943 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.303458929 CET50914443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.303491116 CET4435091434.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.303558111 CET50914443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.304943085 CET50914443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.304958105 CET4435091434.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.388684988 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.396342993 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.401681900 CET50915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.401704073 CET4435091534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.401767969 CET50915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.403275013 CET50915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.403291941 CET4435091534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.491965055 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.528974056 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.536005020 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.547032118 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.688172102 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.732036114 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.856411934 CET4435091434.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.856612921 CET50914443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.861974955 CET50914443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.861982107 CET4435091434.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.862080097 CET50914443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.862258911 CET4435091434.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.862315893 CET50914443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.963258028 CET4435091534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.963438034 CET50915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.968513966 CET50915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.968527079 CET4435091534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.968624115 CET50915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.968755960 CET4435091534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.968816042 CET50915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.977252007 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.982150078 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.987612963 CET50920443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.987667084 CET4435092034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.989619017 CET50920443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.989856958 CET50920443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.989878893 CET4435092034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.075684071 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.117640018 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.130429029 CET50923443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.130482912 CET4435092334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.130491018 CET50922443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.130558014 CET4435092234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.133308887 CET50923443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.133367062 CET50922443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.134826899 CET50923443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.134845972 CET4435092334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.134999990 CET50922443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.135020971 CET4435092234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.238164902 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.244461060 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.348987103 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.402894020 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.447604895 CET4435092034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.447679996 CET50920443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.450865984 CET50920443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.450880051 CET4435092034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.451162100 CET4435092034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.452981949 CET50920443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.453150988 CET50920443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.453181982 CET4435092034.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.454231977 CET50920443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.454231977 CET50920443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.541522026 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.548434973 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.615319967 CET4435092234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.447845936 CET51009443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.447901964 CET51008443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.447912931 CET51009443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.447913885 CET51007443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.460431099 CET51014443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.460484982 CET4435101435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.460721970 CET51014443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.460851908 CET51014443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.460860014 CET4435101435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.463331938 CET51015443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.463376045 CET4435101535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.464211941 CET51015443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.464350939 CET51015443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.464365005 CET4435101535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.466908932 CET51016443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.466944933 CET4435101635.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.467078924 CET51016443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.467186928 CET51016443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.467200994 CET4435101635.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.484143019 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.484646082 CET51018443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.484688997 CET4435101835.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.490288019 CET51018443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.491980076 CET51018443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.492002964 CET4435101835.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.492018938 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.507209063 CET51019443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.507242918 CET4435101935.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.521244049 CET51019443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.522938013 CET51019443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.522953033 CET4435101935.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.582417011 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.586481094 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.595407009 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.637309074 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.684730053 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.737637043 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.928356886 CET4435101435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.928478003 CET51014443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.931277990 CET4435101535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.931421041 CET51015443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.931740999 CET51014443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.931754112 CET4435101435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.932055950 CET4435101435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.934248924 CET4435101635.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.935743093 CET51015443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.935770988 CET4435101535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.936083078 CET4435101535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.936172962 CET51016443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.939783096 CET51016443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.939817905 CET4435101635.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.940138102 CET4435101635.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.943686008 CET51014443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.944128036 CET4435101435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.944281101 CET51014443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.944576979 CET51014443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.944597006 CET4435101435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.945405006 CET51015443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.945497036 CET51015443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.945674896 CET4435101535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.946038008 CET51016443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.946119070 CET51016443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.946259022 CET4435101635.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.948151112 CET4435101835.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.952539921 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.953010082 CET51015443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.953031063 CET51016443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.953044891 CET51018443192.168.2.635.190.72.216
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 20, 2024 13:27:41.957523108 CET  80           50861      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:41.959742069 CET  51018        443        192.168.2.6      35.190.72.216
Nov 20, 2024 13:27:41.959754944 CET  443          51018      35.190.72.216    192.168.2.6
Nov 20, 2024 13:27:41.959830046 CET  51018        443        192.168.2.6      35.190.72.216
Nov 20, 2024 13:27:41.960014105 CET  443          51018      35.190.72.216    192.168.2.6
Nov 20, 2024 13:27:41.960179090 CET  51018        443        192.168.2.6      35.190.72.216
Nov 20, 2024 13:27:41.986221075 CET  443          51019      35.201.103.21    192.168.2.6
Nov 20, 2024 13:27:41.986237049 CET  443          51019      35.201.103.21    192.168.2.6
Nov 20, 2024 13:27:41.986295938 CET  51019        443        192.168.2.6      35.201.103.21
Nov 20, 2024 13:27:41.991398096 CET  51019        443        192.168.2.6      35.201.103.21
Nov 20, 2024 13:27:41.991431952 CET  443          51019      35.201.103.21    192.168.2.6
Nov 20, 2024 13:27:41.991498947 CET  51019        443        192.168.2.6      35.201.103.21
Nov 20, 2024 13:27:41.991651058 CET  443          51019      35.201.103.21    192.168.2.6
Nov 20, 2024 13:27:41.993294001 CET  51019        443        192.168.2.6      35.201.103.21
Nov 20, 2024 13:27:42.007491112 CET  51021        443        192.168.2.6      34.149.100.209
Nov 20, 2024 13:27:42.007535934 CET  443          51021      34.149.100.209   192.168.2.6
Nov 20, 2024 13:27:42.008188009 CET  51021        443        192.168.2.6      34.149.100.209
Nov 20, 2024 13:27:42.008343935 CET  51021        443        192.168.2.6      34.149.100.209
Nov 20, 2024 13:27:42.008354902 CET  443          51021      34.149.100.209   192.168.2.6
Nov 20, 2024 13:27:42.053170919 CET  80           50861      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:42.057856083 CET  50830        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:42.066593885 CET  80           50830      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:42.107594013 CET  50861        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:42.156647921 CET  80           50830      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:42.207957983 CET  50830        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:42.488338947 CET  443          51021      34.149.100.209   192.168.2.6
Nov 20, 2024 13:27:42.488436937 CET  51021        443        192.168.2.6      34.149.100.209
Nov 20, 2024 13:27:42.491942883 CET  51021        443        192.168.2.6      34.149.100.209
Nov 20, 2024 13:27:42.491956949 CET  443          51021      34.149.100.209   192.168.2.6
Nov 20, 2024 13:27:42.492212057 CET  443          51021      34.149.100.209   192.168.2.6
Nov 20, 2024 13:27:42.495093107 CET  51021        443        192.168.2.6      34.149.100.209
Nov 20, 2024 13:27:42.495270014 CET  443          51021      34.149.100.209   192.168.2.6
Nov 20, 2024 13:27:42.495277882 CET  51021        443        192.168.2.6      34.149.100.209
Nov 20, 2024 13:27:42.495285988 CET  443          51021      34.149.100.209   192.168.2.6
Nov 20, 2024 13:27:42.497469902 CET  51021        443        192.168.2.6      34.149.100.209
Nov 20, 2024 13:27:42.498924971 CET  50861        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:42.509833097 CET  80           50861      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:42.620759964 CET  80           50861      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:42.625180960 CET  50830        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:42.632354021 CET  80           50830      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:42.671646118 CET  50861        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:42.720029116 CET  80           50830      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:42.771924019 CET  50830        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:43.174920082 CET  51033        443        192.168.2.6      34.107.243.93
Nov 20, 2024 13:27:43.174954891 CET  443          51033      34.107.243.93    192.168.2.6
Nov 20, 2024 13:27:43.176966906 CET  51033        443        192.168.2.6      34.107.243.93
Nov 20, 2024 13:27:43.183047056 CET  51033        443        192.168.2.6      34.107.243.93
Nov 20, 2024 13:27:43.183083057 CET  443          51033      34.107.243.93    192.168.2.6
Nov 20, 2024 13:27:43.662633896 CET  443          51033      34.107.243.93    192.168.2.6
Nov 20, 2024 13:27:43.662714005 CET  51033        443        192.168.2.6      34.107.243.93
Nov 20, 2024 13:27:43.668375015 CET  51033        443        192.168.2.6      34.107.243.93
Nov 20, 2024 13:27:43.668395042 CET  443          51033      34.107.243.93    192.168.2.6
Nov 20, 2024 13:27:43.668509007 CET  51033        443        192.168.2.6      34.107.243.93
Nov 20, 2024 13:27:43.668548107 CET  443          51033      34.107.243.93    192.168.2.6
Nov 20, 2024 13:27:43.669291973 CET  51033        443        192.168.2.6      34.107.243.93
Nov 20, 2024 13:27:43.671966076 CET  50861        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:43.679498911 CET  80           50861      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:43.770255089 CET  80           50861      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:43.773956060 CET  50830        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:43.778790951 CET  80           50830      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:43.813214064 CET  50861        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:43.871100903 CET  80           50830      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:43.913511992 CET  50830        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:44.427855968 CET  51905        443        192.168.2.6      142.250.65.238
Nov 20, 2024 13:27:44.427882910 CET  443          51905      142.250.65.238   192.168.2.6
Nov 20, 2024 13:27:44.428328037 CET  51905        443        192.168.2.6      142.250.65.238
Nov 20, 2024 13:27:44.428515911 CET  51905        443        192.168.2.6      142.250.65.238
Nov 20, 2024 13:27:44.428535938 CET  443          51905      142.250.65.238   192.168.2.6
Nov 20, 2024 13:27:44.903400898 CET  443          51905      142.250.65.238   192.168.2.6
Nov 20, 2024 13:27:44.904179096 CET  443          51905      142.250.65.238   192.168.2.6
Nov 20, 2024 13:27:44.904774904 CET  51905        443        192.168.2.6      142.250.65.238
Nov 20, 2024 13:27:44.904803038 CET  443          51905      142.250.65.238   192.168.2.6
Nov 20, 2024 13:27:44.908468962 CET  51905        443        192.168.2.6      142.250.65.238
Nov 20, 2024 13:27:44.908480883 CET  443          51905      142.250.65.238   192.168.2.6
Nov 20, 2024 13:27:44.908826113 CET  443          51905      142.250.65.238   192.168.2.6
Nov 20, 2024 13:27:44.911951065 CET  51905        443        192.168.2.6      142.250.65.238
Nov 20, 2024 13:27:44.912012100 CET  51905        443        192.168.2.6      142.250.65.238
Nov 20, 2024 13:27:44.912237883 CET  443          51905      142.250.65.238   192.168.2.6
Nov 20, 2024 13:27:44.915836096 CET  51905        443        192.168.2.6      142.250.65.238
Nov 20, 2024 13:27:44.917608023 CET  50861        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:44.926806927 CET  80           50861      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:45.016253948 CET  80           50861      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:45.020421982 CET  50830        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:45.025283098 CET  80           50830      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:45.063659906 CET  50861        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:45.115000963 CET  80           50830      34.107.221.82    192.168.2.6
Nov 20, 2024 13:27:45.163969994 CET  50830        80         192.168.2.6      34.107.221.82
Nov 20, 2024 13:27:55.031267881 CET  50861        80         192.168.2.6      34.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:55.036427975 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:55.131593943 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:55.139230013 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:03.766199112 CET51960443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:03.766225100 CET4435196034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:03.766295910 CET51960443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:03.767910004 CET51960443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:03.767925024 CET4435196034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.223014116 CET4435196034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.223164082 CET51960443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.228293896 CET51960443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.228312016 CET4435196034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.228411913 CET51960443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.228462934 CET4435196034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.228548050 CET51960443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.231230974 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.236064911 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.331671953 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.335597992 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.342608929 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.387156010 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.430867910 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.487526894 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.331688881 CET51962443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.331715107 CET4435196234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.331841946 CET51963443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.331876993 CET4435196334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.331983089 CET51964443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.332012892 CET4435196434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.332104921 CET51965443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.332149982 CET4435196534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.332235098 CET51966443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.332242966 CET4435196634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.332351923 CET51967443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.332359076 CET4435196734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333143950 CET51962443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333153009 CET51964443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333158016 CET51963443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333173037 CET51966443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333174944 CET51965443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333174944 CET51967443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333352089 CET51962443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333364964 CET4435196234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333471060 CET51967443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333483934 CET4435196734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333554029 CET51966443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333570004 CET4435196634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333630085 CET51965443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333641052 CET4435196534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333704948 CET51964443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333714008 CET4435196434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333774090 CET51963443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.333796024 CET4435196334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.824259043 CET4435196634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.824347019 CET51966443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.824506044 CET4435196434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.824820995 CET51964443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.827877998 CET51966443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.827893019 CET4435196634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.828180075 CET4435196634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.828463078 CET4435196534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.828588963 CET51965443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.828758955 CET4435196234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.829286098 CET51962443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.830625057 CET51964443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.830636978 CET4435196434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.830923080 CET4435196434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.831271887 CET4435196334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:14.248322010 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:14.285361052 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:14.396898985 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:14.448061943 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:24.246583939 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:24.252065897 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:24.400264025 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:24.408253908 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:34.259737015 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:34.264609098 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:34.429017067 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:34.433906078 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.272914886 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.278323889 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.401557922 CET51973443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.401612997 CET4435197334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.401765108 CET51973443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.403278112 CET51973443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.403297901 CET4435197334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.435678959 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.440660000 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.872176886 CET4435197334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.872411013 CET51973443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.877613068 CET51973443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.877620935 CET4435197334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.877733946 CET51973443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.877809048 CET4435197334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.877938032 CET51973443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.880534887 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.885735989 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.979408979 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.983392954 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.989291906 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:45.021445990 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:45.080324888 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:45.121737003 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:54.988507032 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:54.993442059 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:55.088789940 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:55.093676090 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:29:04.994741917 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:29:05.001609087 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:29:05.095132113 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:29:05.100918055 CET805083034.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:29:15.016215086 CET5086180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:29:15.023289919 CET805086134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:29:15.100883007 CET5083080192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:29:15.105866909 CET805083034.107.221.82192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.149708986 CET53542111.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.157145023 CET6422853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.164994001 CET53642281.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.175570011 CET5077153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.182909966 CET53507711.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.184636116 CET5236053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.192543030 CET53523601.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.193342924 CET5807853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.200263977 CET53580781.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.591512918 CET5580553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.684422016 CET53526021.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.920253992 CET5769753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:14.921020985 CET5341753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.066701889 CET6301053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.431711912 CET53534171.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:15.431768894 CET53576971.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:19.717987061 CET5238453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:19.727834940 CET53523841.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:19.729407072 CET5724653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:19.739155054 CET53572461.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:19.739959002 CET5116453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:19.769149065 CET53511641.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:24.024039984 CET5181553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:24.033318996 CET53518151.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:24.040477991 CET5379553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:24.049920082 CET53537951.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:24.052206993 CET5715653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:24.063867092 CET53571561.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:25.395803928 CET6080153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:25.405087948 CET53608011.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:25.405917883 CET6077253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:25.415150881 CET53607721.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:25.513890028 CET5437353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:25.523418903 CET53543731.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.295537949 CET5829553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.302520990 CET53582951.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.303739071 CET6549353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.310353041 CET53654931.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.311048031 CET5961953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.317631960 CET53596191.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.515558958 CET5490953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.525065899 CET53549091.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.878499985 CET5433053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.878954887 CET5825453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.879380941 CET6387053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET53543301.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887501001 CET53582541.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.888283968 CET5058353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.888322115 CET53638701.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.889183044 CET5413753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.889333963 CET6106353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET53505831.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.897505045 CET4947353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.897635937 CET53610631.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.898087978 CET5015353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.898309946 CET53541371.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.898780107 CET5281253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.906011105 CET53494731.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.906881094 CET6239853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.907521963 CET53528121.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.907532930 CET53501531.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.908312082 CET5768253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.913944006 CET53623981.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.914973974 CET6099753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.915020943 CET53576821.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.915693998 CET5699053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.922399998 CET53569901.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.922410965 CET53609971.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.923165083 CET6408553192.168.2.61.1.1.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2024 13:27:31.923249006 CET | 57412 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:31.929841042 CET | 53 | 64085 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:31.930262089 CET | 53 | 57412 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:40.945815086 CET | 61678 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:40.955781937 CET | 59130 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:40.958360910 CET | 53 | 61678 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:40.959924936 CET | 55199 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:40.965756893 CET | 53 | 59130 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:40.970268011 CET | 53 | 55199 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:40.971084118 CET | 52295 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:40.980560064 CET | 53 | 52295 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:41.494343996 CET | 54362 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:41.501811028 CET | 53 | 54362 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:41.508466959 CET | 54848 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:41.517823935 CET | 53 | 54848 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:41.523930073 CET | 52235 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:41.530844927 CET | 53 | 52235 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:43.172621012 CET | 57110 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:43.182265043 CET | 53 | 57110 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:43.186666012 CET | 50129 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:27:43.196887016 CET | 53 | 50129 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:27:43.968106031 CET | 53 | 60622 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:28:03.757981062 CET | 56500 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:28:03.765070915 CET | 53 | 56500 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:28:03.765887022 CET | 62946 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:28:03.789459944 CET | 53 | 62946 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:28:04.231559992 CET | 61009 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:28:11.329008102 CET | 59378 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:28:11.336273909 CET | 53 | 59378 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:28:44.392946959 CET | 59888 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:28:44.400401115 CET | 53 | 59888 | 1.1.1.1 | 192.168.2.6
Nov 20, 2024 13:28:44.401472092 CET | 64057 | 53 | 192.168.2.6 | 1.1.1.1
Nov 20, 2024 13:28:44.409729004 CET | 53 | 64057 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 20, 2024 13:27:13.565107107 CET | 192.168.2.6 | 1.1.1.1 | 0xc157 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.574242115 CET | 192.168.2.6 | 1.1.1.1 | 0x803 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.590882063 CET | 192.168.2.6 | 1.1.1.1 | 0x1521 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.591169119 CET | 192.168.2.6 | 1.1.1.1 | 0xaf25 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.600444078 CET | 192.168.2.6 | 1.1.1.1 | 0x717b | Standard query (0) | youtube.com | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:13.600975037 CET | 192.168.2.6 | 1.1.1.1 | 0x62a | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:13.907891989 CET | 192.168.2.6 | 1.1.1.1 | 0xadd5 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.919444084 CET | 192.168.2.6 | 1.1.1.1 | 0xca5f | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.939635038 CET | 192.168.2.6 | 1.1.1.1 | 0x833c | Standard query (0) | contile.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:13.943283081 CET | 192.168.2.6 | 1.1.1.1 | 0x7b59 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.946192026 CET | 192.168.2.6 | 1.1.1.1 | 0xa6a5 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.955411911 CET | 192.168.2.6 | 1.1.1.1 | 0xc1fb | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:13.958657980 CET | 192.168.2.6 | 1.1.1.1 | 0x4a6a | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.967730045 CET | 192.168.2.6 | 1.1.1.1 | 0x30b1 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:14.142393112 CET | 192.168.2.6 | 1.1.1.1 | 0x5758 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:14.157145023 CET | 192.168.2.6 | 1.1.1.1 | 0xa8fb | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:14.175570011 CET | 192.168.2.6 | 1.1.1.1 | 0x204 | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:14.184636116 CET | 192.168.2.6 | 1.1.1.1 | 0xade2 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:14.193342924 CET | 192.168.2.6 | 1.1.1.1 | 0x3bc5 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:14.591512918 CET | 192.168.2.6 | 1.1.1.1 | 0x5522 | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:14.920253992 CET | 192.168.2.6 | 1.1.1.1 | 0x13b | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:14.921020985 CET | 192.168.2.6 | 1.1.1.1 | 0xcc6d | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:15.066701889 CET | 192.168.2.6 | 1.1.1.1 | 0x6784 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:19.717987061 CET | 192.168.2.6 | 1.1.1.1 | 0x90c7 | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:19.729407072 CET | 192.168.2.6 | 1.1.1.1 | 0x27c3 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:19.739959002 CET | 192.168.2.6 | 1.1.1.1 | 0xbb85 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:24.024039984 CET | 192.168.2.6 | 1.1.1.1 | 0x35fd | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:24.040477991 CET | 192.168.2.6 | 1.1.1.1 | 0x7a63 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:24.052206993 CET | 192.168.2.6 | 1.1.1.1 | 0xfe7b | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:25.395803928 CET | 192.168.2.6 | 1.1.1.1 | 0x7e82 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:25.405917883 CET | 192.168.2.6 | 1.1.1.1 | 0x2aaa | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:25.513890028 CET | 192.168.2.6 | 1.1.1.1 | 0x613b | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:26.295537949 CET | 192.168.2.6 | 1.1.1.1 | 0xaa35 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:26.303739071 CET | 192.168.2.6 | 1.1.1.1 | 0x4fae | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:26.311048031 CET | 192.168.2.6 | 1.1.1.1 | 0x6ff5 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:31.515558958 CET | 192.168.2.6 | 1.1.1.1 | 0x2d68 | Standard query (0) | push.services.mozilla.com | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:31.878499985 CET | 192.168.2.6 | 1.1.1.1 | 0x1951 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.878954887 CET | 192.168.2.6 | 1.1.1.1 | 0x889c | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.879380941 CET | 192.168.2.6 | 1.1.1.1 | 0x97e5 | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.888283968 CET | 192.168.2.6 | 1.1.1.1 | 0x43d0 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.889183044 CET | 192.168.2.6 | 1.1.1.1 | 0x8112 | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.889333963 CET | 192.168.2.6 | 1.1.1.1 | 0xe2ba | Standard query (0) | dyna.wikimedia.org | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.897505045 CET | 192.168.2.6 | 1.1.1.1 | 0x9fef | Standard query (0) | youtube-ui.l.google.com | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:31.898087978 CET | 192.168.2.6 | 1.1.1.1 | 0xfe70 | Standard query (0) | dyna.wikimedia.org | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:31.898780107 CET | 192.168.2.6 | 1.1.1.1 | 0xfaca | Standard query (0) | star-mini.c10r.facebook.com | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:31.906881094 CET | 192.168.2.6 | 1.1.1.1 | 0x4108 | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.908312082 CET | 192.168.2.6 | 1.1.1.1 | 0xa9bc | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.914973974 CET192.168.2.61.1.1.10x3437Standard query (0)dualstack.reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.915693998 CET192.168.2.61.1.1.10xaf80Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.923165083 CET192.168.2.61.1.1.10x6514Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.923249006 CET192.168.2.61.1.1.10xabaStandard query (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:40.945815086 CET192.168.2.61.1.1.10xb96dStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:40.955781937 CET192.168.2.61.1.1.10x186fStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:40.959924936 CET192.168.2.61.1.1.10x200dStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:40.971084118 CET192.168.2.61.1.1.10x416Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.494343996 CET192.168.2.61.1.1.10x4d4cStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.508466959 CET192.168.2.61.1.1.10x4271Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:41.523930073 CET192.168.2.61.1.1.10x52d7Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:43.172621012 CET192.168.2.61.1.1.10x9b47Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:43.186666012 CET192.168.2.61.1.1.10x8c30Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:03.757981062 CET192.168.2.61.1.1.10xb477Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:03.765887022 CET192.168.2.61.1.1.10xc1a5Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.231559992 CET192.168.2.61.1.1.10xe921Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.329008102 CET192.168.2.61.1.1.10xd934Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.392946959 CET192.168.2.61.1.1.10xccd4Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:44.401472092 CET192.168.2.61.1.1.10xc41bStandard query (0)push.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 20, 2024 13:27:13.572503090 CET | 1.1.1.1 | 192.168.2.6 | 0xc157 | No error (0) | youtube.com |  | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.575773001 CET | 1.1.1.1 | 192.168.2.6 | 0xc8db | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.597891092 CET | 1.1.1.1 | 192.168.2.6 | 0x1521 | No error (0) | youtube.com |  | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.599648952 CET | 1.1.1.1 | 192.168.2.6 | 0xaf25 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.608041048 CET | 1.1.1.1 | 192.168.2.6 | 0x717b | No error (0) | youtube.com |  |  | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:13.917455912 CET | 1.1.1.1 | 192.168.2.6 | 0xadd5 | No error (0) | contile.services.mozilla.com |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.928788900 CET | 1.1.1.1 | 192.168.2.6 | 0xca5f | No error (0) | contile.services.mozilla.com |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.940104961 CET | 1.1.1.1 | 192.168.2.6 | 0xfcc5 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:13.940104961 CET | 1.1.1.1 | 192.168.2.6 | 0xfcc5 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.951195955 CET | 1.1.1.1 | 192.168.2.6 | 0x7b59 | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:13.951195955 CET | 1.1.1.1 | 192.168.2.6 | 0x7b59 | No error (0) | prod.ads.prod.webservices.mozgcp.net |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.953885078 CET | 1.1.1.1 | 192.168.2.6 | 0xa6a5 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:13.966747999 CET | 1.1.1.1 | 192.168.2.6 | 0x4a6a | No error (0) | prod.ads.prod.webservices.mozgcp.net |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:14.149708986 CET | 1.1.1.1 | 192.168.2.6 | 0x5758 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:14.164994001 CET | 1.1.1.1 | 192.168.2.6 | 0xa8fb | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  |  | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:14.182909966 CET | 1.1.1.1 | 192.168.2.6 | 0x204 | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:14.182909966 CET | 1.1.1.1 | 192.168.2.6 | 0x204 | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:14.182909966 CET | 1.1.1.1 | 192.168.2.6 | 0x204 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net |  | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:14.192543030 CET | 1.1.1.1 | 192.168.2.6 | 0xade2 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net |  | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:14.200263977 CET | 1.1.1.1 | 192.168.2.6 | 0x3bc5 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net |  |  | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 13:27:14.601856947 CET | 1.1.1.1 | 192.168.2.6 | 0x5522 | No error (0) | shavar.services.mozilla.com | shavar.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:15.431711912 CET | 1.1.1.1 | 192.168.2.6 | 0xcc6d | No error (0) | ipv4only.arpa |  | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:15.431711912 CET | 1.1.1.1 | 192.168.2.6 | 0xcc6d | No error (0) | ipv4only.arpa |  | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:15.431768894 CET | 1.1.1.1 | 192.168.2.6 | 0x13b | No error (0) | example.org |  | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:15.431780100 CET | 1.1.1.1 | 192.168.2.6 | 0x6784 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:15.431780100 CET | 1.1.1.1 | 192.168.2.6 | 0x6784 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:19.727834940 CET | 1.1.1.1 | 192.168.2.6 | 0x90c7 | No error (0) | support.mozilla.org | prod.sumo.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:19.727834940 CET | 1.1.1.1 | 192.168.2.6 | 0x90c7 | No error (0) | prod.sumo.prod.webservices.mozgcp.net | us-west1.prod.sumo.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:19.727834940 CET | 1.1.1.1 | 192.168.2.6 | 0x90c7 | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net |  | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:19.739155054 CET | 1.1.1.1 | 192.168.2.6 | 0x27c3 | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net |  | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:24.033318996 CET | 1.1.1.1 | 192.168.2.6 | 0x35fd | No error (0) | push.services.mozilla.com |  | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:24.049920082 CET | 1.1.1.1 | 192.168.2.6 | 0x7a63 | No error (0) | push.services.mozilla.com |  | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:25.394541025 CET | 1.1.1.1 | 192.168.2.6 | 0x79e5 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:25.405087948 CET | 1.1.1.1 | 192.168.2.6 | 0x7e82 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:25.521291971 CET | 1.1.1.1 | 192.168.2.6 | 0xf898 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:25.521291971 CET | 1.1.1.1 | 192.168.2.6 | 0xf898 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:26.302520990 CET | 1.1.1.1 | 192.168.2.6 | 0xaa35 | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:26.302520990 CET | 1.1.1.1 | 192.168.2.6 | 0xaa35 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net |  | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:26.310353041 CET | 1.1.1.1 | 192.168.2.6 | 0x4fae | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net |  | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:26.400681019 CET | 1.1.1.1 | 192.168.2.6 | 0xcdfc | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | www.youtube.com | youtube-ui.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | youtube-ui.l.google.com |  | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | youtube-ui.l.google.com |  | 142.250.181.238 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | youtube-ui.l.google.com |  | 142.250.186.174 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | youtube-ui.l.google.com |  | 216.58.212.142 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | youtube-ui.l.google.com |  | 142.250.185.174 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887227058 CET1.1.1.1192.168.2.60x1951No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887501001 CET1.1.1.1192.168.2.60x889cNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.887501001 CET1.1.1.1192.168.2.60x889cNo error (0)star-mini.c10r.facebook.com157.240.253.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.888322115 CET1.1.1.1192.168.2.60x97e5No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.888322115 CET1.1.1.1192.168.2.60x97e5No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com216.58.212.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.896784067 CET1.1.1.1192.168.2.60x43d0No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.897635937 CET1.1.1.1192.168.2.60xe2baNo error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.898309946 CET1.1.1.1192.168.2.60x8112No error (0)star-mini.c10r.facebook.com157.240.0.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.906011105 CET1.1.1.1192.168.2.60x9fefNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.906011105 CET1.1.1.1192.168.2.60x9fefNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.906011105 CET1.1.1.1192.168.2.60x9fefNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.906011105 CET1.1.1.1192.168.2.60x9fefNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.907521963 CET1.1.1.1192.168.2.60xfacaNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.907532930 CET1.1.1.1192.168.2.60xfe70No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.913944006 CET1.1.1.1192.168.2.60x4108No error (0)www.reddit.comdualstack.reddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.913944006 CET1.1.1.1192.168.2.60x4108No error (0)dualstack.reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.913944006 CET1.1.1.1192.168.2.60x4108No error (0)dualstack.reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.913944006 CET1.1.1.1192.168.2.60x4108No error (0)dualstack.reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.913944006 CET1.1.1.1192.168.2.60x4108No error (0)dualstack.reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.915020943 CET1.1.1.1192.168.2.60xa9bcNo error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.922399998 CET1.1.1.1192.168.2.60xaf80No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.922410965 CET1.1.1.1192.168.2.60x3437No error (0)dualstack.reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.922410965 CET1.1.1.1192.168.2.60x3437No error (0)dualstack.reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.922410965 CET1.1.1.1192.168.2.60x3437No error (0)dualstack.reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.922410965 CET1.1.1.1192.168.2.60x3437No error (0)dualstack.reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.930262089 CET1.1.1.1192.168.2.60xabaNo error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.930262089 CET1.1.1.1192.168.2.60xabaNo error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.930262089 CET1.1.1.1192.168.2.60xabaNo error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:31.930262089 CET1.1.1.1192.168.2.60xabaNo error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:40.949441910 CET1.1.1.1192.168.2.60xea1dNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:40.949441910 CET1.1.1.1192.168.2.60xea1dNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:40.958360910 CET1.1.1.1192.168.2.60xb96dNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 20, 2024 13:27:40.958360910 CET | 1.1.1.1 | 192.168.2.6 | 0xb96d | No error (0) | services.addons.mozilla.org | | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:40.958360910 CET | 1.1.1.1 | 192.168.2.6 | 0xb96d | No error (0) | services.addons.mozilla.org | | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:40.958360910 CET | 1.1.1.1 | 192.168.2.6 | 0xb96d | No error (0) | services.addons.mozilla.org | | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:40.970268011 CET | 1.1.1.1 | 192.168.2.6 | 0x200d | No error (0) | services.addons.mozilla.org | | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:40.970268011 CET | 1.1.1.1 | 192.168.2.6 | 0x200d | No error (0) | services.addons.mozilla.org | | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:40.970268011 CET | 1.1.1.1 | 192.168.2.6 | 0x200d | No error (0) | services.addons.mozilla.org | | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:40.970268011 CET | 1.1.1.1 | 192.168.2.6 | 0x200d | No error (0) | services.addons.mozilla.org | | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:40.980560064 CET | 1.1.1.1 | 192.168.2.6 | 0x416 | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Nov 20, 2024 13:27:40.980560064 CET | 1.1.1.1 | 192.168.2.6 | 0x416 | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Nov 20, 2024 13:27:40.980560064 CET | 1.1.1.1 | 192.168.2.6 | 0x416 | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Nov 20, 2024 13:27:40.980560064 CET | 1.1.1.1 | 192.168.2.6 | 0x416 | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Nov 20, 2024 13:27:41.501811028 CET | 1.1.1.1 | 192.168.2.6 | 0x4d4c | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:41.501811028 CET | 1.1.1.1 | 192.168.2.6 | 0x4d4c | No error (0) | normandy-cdn.services.mozilla.com | | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:41.517823935 CET | 1.1.1.1 | 192.168.2.6 | 0x4271 | No error (0) | normandy-cdn.services.mozilla.com | | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:27:42.022120953 CET | 1.1.1.1 | 192.168.2.6 | 0x7a1 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:42.022120953 CET | 1.1.1.1 | 192.168.2.6 | 0x7a1 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:27:43.182265043 CET | 1.1.1.1 | 192.168.2.6 | 0x9b47 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:28:03.765070915 CET | 1.1.1.1 | 192.168.2.6 | 0xb477 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:28:04.238493919 CET | 1.1.1.1 | 192.168.2.6 | 0xe921 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 13:28:04.238493919 CET | 1.1.1.1 | 192.168.2.6 | 0xe921 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:28:11.327290058 CET | 1.1.1.1 | 192.168.2.6 | 0x6953 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 13:28:44.400401115 CET | 1.1.1.1 | 192.168.2.6 | 0xccd4 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 50819 | 34.107.221.82 | 80 | 6916 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 13:27:14.160459995 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 13:27:14.630160093 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 19 Nov 2024 17:35:22 GMT
Age: 67912
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 50830 | 34.107.221.82 | 80 | 6916 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 13:27:15.446680069 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:27:15.897401094 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14650
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:27:20.827280998 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:27:20.922697067 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14655
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:27:23.999021053 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:24.096065044 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 14659
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.528974056 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.688172102 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 14661
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.238164902 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.348987103 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 14662
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.666857004 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.812417030 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 14662
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.827348948 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:27:27.928637028 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14662
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:27:33.389065981 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:27:33.485510111 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14668
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:27:41.586481094 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:27:41.684730053 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14676
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:27:42.057856083 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:27:42.156647921 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14677
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:27:42.625180960 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:27:42.720029116 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14677
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:27:43.773956060 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:43.871100903 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 14678
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:45.020421982 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:45.115000963 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 14680
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:55.131593943 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.335597992 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.430867910 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 14699
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:12.001837015 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:12.096877098 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 14707
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:28:12.495354891 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:28:12.593872070 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14707
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:28:14.239624977 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:28:14.396898985 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14709
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:28:24.400264025 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 20, 2024 13:28:34.429017067 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 20, 2024 13:28:44.435678959 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 20, 2024 13:28:44.983392954 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 13:28:45.080324888 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 14740
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:28:55.088789940 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 20, 2024 13:29:05.095132113 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 20, 2024 13:29:15.100883007 CET | 6 | OUT | Data Raw: 00
Data Ascii:
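The session dumps above run the timestamp, byte count, direction and payload of each frame together into one line, and the only traffic in this session is Firefox's own captive-portal probe to detectportal.firefox.com, which is browser background noise rather than activity of the sample. The following Python script is an added triage helper, not part of the Joe Sandbox report or of the sample: it parses lines in this dump shape (tolerating an optional "|" separator between the columns), extracts each outbound HTTP request with its Host header, and splits the hosts into a known-background list and a list that needs analyst review. The allowlist, the sample lines and the example.invalid host are constructed for the example.

```python
import re
from collections import defaultdict

# Hypothetical allowlist of browser/OS background destinations that show up in
# almost every sandbox run and are not evidence of sample behaviour.
BENIGN_HOSTS = {"detectportal.firefox.com"}

# One frame header: "<timestamp> <tz><bytes><IN|OUT><data>", optionally with
# " | " between the columns. Greedy \d+ followed by IN|OUT resolves "305OUT".
FRAME_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]{3,4})"
    r"\s*\|?\s*(?P<bytes>\d+)\s*\|?\s*(?P<dir>IN|OUT)\s*\|?\s*(?P<data>.*)$"
)
REQUEST_LINE_RE = re.compile(
    r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH) (\S+) HTTP/\d\.\d$"
)

# Constructed sample in the shape of the dump above: two captive-portal
# probe frames, one 6-byte non-HTTP frame and one constructed request to a
# host that is not on the allowlist.
SAMPLE = """\
Nov 20, 2024 13:28:12.495354891 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Nov 20, 2024 13:28:12.593872070 CET216INHTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 13:28:24.400264025 CET6OUTData Raw: 00
Data Ascii:
Nov 20, 2024 13:28:30.000000000 CET120OUTPOST /gate.php HTTP/1.1
Host: example.invalid
Content-Length: 0
"""


def parse_session(text):
    """Split a session dump into frames: timestamp, byte count, direction,
    the first data line, and the header lines that followed it."""
    frames = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FRAME_RE.match(line)
        if m:
            frames.append({"ts": m["ts"], "bytes": int(m["bytes"]),
                           "dir": m["dir"], "first": m["data"], "headers": {}})
        elif frames and ":" in line and not line.startswith("Data "):
            # "Data Raw:" / "Data Ascii:" carry payload, not HTTP headers.
            name, _, value = line.partition(":")
            frames[-1]["headers"][name.strip().lower()] = value.strip()
    return frames


def http_requests(frames):
    """Outbound frames whose first line is an HTTP request line."""
    reqs = []
    for f in frames:
        m = REQUEST_LINE_RE.match(f["first"])
        if f["dir"] == "OUT" and m:
            reqs.append({"ts": f["ts"], "method": m[1], "path": m[2],
                         "host": f["headers"].get("host", "?"),
                         "bytes": f["bytes"]})
    return reqs


def triage(frames, benign_hosts=BENIGN_HOSTS):
    """Count requests per host, split into background noise vs. review, and
    count outbound frames that are not HTTP at all (e.g. the 6-byte frames)."""
    benign, review, raw_out = defaultdict(int), defaultdict(int), 0
    for r in http_requests(frames):
        (benign if r["host"] in benign_hosts else review)[r["host"]] += 1
    for f in frames:
        if f["dir"] == "OUT" and not REQUEST_LINE_RE.match(f["first"]):
            raw_out += 1
    return {"benign": dict(benign), "review": dict(review),
            "raw_out_frames": raw_out}


if __name__ == "__main__":
    summary = triage(parse_session(SAMPLE))
    print("background noise :", summary["benign"])
    print("needs review     :", summary["review"])
    print("non-HTTP OUT     :", summary["raw_out_frames"])
```

Run it over the pasted text of one session; anything that lands in the review bucket, or any non-HTTP outbound frame to a host that is not the captive-portal endpoint, is what deserves correlation with the process ID and the sample's other signatures.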


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 50861 | 34.107.221.82 | 80 | 6916 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 13:27:19.724904060 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 13:27:20.188436031 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12668
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 13:27:20.900402069 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:20.998538971 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 12668
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.388684988 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.491965055 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 12674
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:26.977252007 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.075684071 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 12675
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.541522026 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:27.642220974 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 12675
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Nov 20, 2024 13:27:27.666919947 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Nov 20, 2024 13:27:27.816184044 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12675
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Nov 20, 2024 13:27:33.164971113 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Nov 20, 2024 13:27:33.267363071 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12681
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Nov 20, 2024 13:27:41.484143019 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Nov 20, 2024 13:27:41.582417011 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12689
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Nov 20, 2024 13:27:41.952539921 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Nov 20, 2024 13:27:42.053170919 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12690
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Nov 20, 2024 13:27:42.498924971 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Nov 20, 2024 13:27:42.620759964 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12690
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:43.671966076 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:43.770255089 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 12691
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:44.917608023 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:45.016253948 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 12692
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:27:55.031267881 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.231230974 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:04.331671953 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 12712
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 13:28:11.888331890 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 13:28:11.987001896 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12719
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 13:28:12.334785938 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 13:28:12.433439970 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12720
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 13:28:14.133789062 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 13:28:14.231965065 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12722
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 13:28:24.246583939 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 20, 2024 13:28:34.259737015 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 20, 2024 13:28:44.272914886 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 20, 2024 13:28:44.880534887 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 13:28:44.979408979 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 12752
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 13:28:54.988507032 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 20, 2024 13:29:04.994741917 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 20, 2024 13:29:15.016215086 CET 6 OUT Data Raw: 00
Data Ascii:
Target ID: 0
Start time: 07:27:05
Start date: 20/11/2024
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0x820000
File size: 922'112 bytes
MD5 hash: E0B2866C4C2494645E94B5EF38B9ACB8
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                                                                                                                                          Start time:07:27:06
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x50000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                                                                                                                          Start time:07:27:06
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                                                                                                                                          Start time:07:27:08
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x50000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                                                                                                                          Start time:07:27:08
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                                                                                                                                          Start time:07:27:08
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x50000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
Has exited:true

Target ID:7
Start time:07:27:08
Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:07:27:08
Start date:20/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0x50000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:07:27:08
Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:07:27:08
Start date:20/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0x50000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:07:27:08
Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:07:27:09
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

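The entries for Target IDs 8, 10, 12 and 13 show the behaviour behind the Credential Flusher verdict: opera.exe and brave.exe are force-terminated with taskkill /F /IM <image> /T, and one second later firefox.exe is launched with --kiosk on a URL whose query string carries a Google sign-in path, so the victim is presented with a full-screen login page and no address bar. The detection script below is an added example, not part of the Joe Sandbox report or of the sample. It runs over a constructed list of process-creation events whose timestamps and command lines mirror those entries plus three benign events added as noise; the (timestamp, image, commandline) tuple layout, the 60-second correlation window and the browser and sign-in keyword lists are assumptions of this example rather than anything the report states.

```python
"""Added example: correlate forced browser kills with a --kiosk browser launch.

The EVENTS list is constructed for this example. Its timestamps and command
lines mirror Target IDs 8, 10, 12 and 13 of the report; the tuple layout is
an assumed simplification of a process-creation log, not a real EDR schema.
"""
import ntpath
import re
from datetime import datetime, timedelta

# Assumed lists; extend to match the browsers present in your estate.
BROWSER_IMAGES = {"opera.exe", "brave.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
SIGNIN_HINTS = ("signin", "login", "account", "challenge/pwd")
URL_RE = re.compile(r'https?://[^\s"]+')
TS_FMT = "%Y-%m-%d %H:%M:%S"

FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
TASKKILL = r"C:\Windows\SysWOW64\taskkill.exe"
LURE = "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"

# Constructed sample input: (timestamp, image path, command line).
EVENTS = [
    ("2024-11-20 07:27:05", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ("2024-11-20 07:27:08", TASKKILL, "taskkill /F /IM opera.exe /T"),
    ("2024-11-20 07:27:08", TASKKILL, "taskkill /F /IM brave.exe /T"),
    ("2024-11-20 07:27:09", FIREFOX,
     f'"{FIREFOX}" --kiosk "{LURE}" --no-default-browser-check --disable-popup-blocking'),
    ("2024-11-20 07:27:09", FIREFOX,
     f'"{FIREFOX}" --kiosk {LURE} --no-default-browser-check --disable-popup-blocking --attempting-deelevation'),
    ("2024-11-20 07:35:00", TASKKILL, "taskkill /F /IM notepad.exe"),   # not a browser
    ("2024-11-20 08:10:00", FIREFOX, f'"{FIREFOX}" --kiosk https://intranet.example/dashboard'),  # no kills before it
]


def killed_browser(cmdline):
    """Return the browser image named by a forced `taskkill /F /IM <image>`, else None.

    Switches are matched case-insensitively because taskkill accepts /f and /im.
    ntpath is used so Windows paths are split correctly on any host OS.
    """
    tokens = cmdline.split()
    if not tokens:
        return None
    exe = ntpath.basename(tokens[0].strip('"')).lower()
    if exe not in ("taskkill", "taskkill.exe"):
        return None
    upper = [t.upper() for t in tokens]
    if "/F" not in upper or "/IM" not in upper:
        return None
    idx = upper.index("/IM")
    if idx + 1 >= len(tokens):
        return None
    target = tokens[idx + 1].strip('"').lower()
    return target if target in BROWSER_IMAGES else None


def kiosk_launch(image, cmdline):
    """Return the URL opened by a browser started with --kiosk, else None."""
    if ntpath.basename(image).lower() not in BROWSER_IMAGES:
        return None
    if "--kiosk" not in cmdline.lower():
        return None
    match = URL_RE.search(cmdline)
    return match.group(0) if match else None


def detect(events, window_seconds=60):
    """One finding per (browser, URL) kiosk launch preceded by a forced browser kill.

    The kill must fall within `window_seconds` before the launch. The two
    firefox.exe launches in the report (the second is Firefox re-executing
    itself with --attempting-deelevation) collapse into a single finding.
    """
    parsed = sorted(((datetime.strptime(ts, TS_FMT), img, cmd) for ts, img, cmd in events),
                    key=lambda e: e[0])
    findings = {}
    for ts, image, cmd in parsed:
        url = kiosk_launch(image, cmd)
        if url is None:
            continue
        since = ts - timedelta(seconds=window_seconds)
        kills = (killed_browser(c) for t, _, c in parsed if since <= t <= ts)
        killed = sorted({k for k in kills if k})
        if not killed:
            continue
        key = (ntpath.basename(image).lower(), url)
        findings.setdefault(key, {
            "time": ts.strftime(TS_FMT),
            "launcher": key[0],
            "url": url,
            "killed": killed,
            "signin_lure": any(h in url.lower() for h in SIGNIN_HINTS),
            "nested_url": url.count("://") > 1,  # a second URL carried in the query string
        })
    return list(findings.values())


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Run stand-alone it prints the single finding for the report's chain and nothing for the lone intranet kiosk launch or the notepad.exe kill. In a real pipeline the tuples would come from Sysmon Event ID 1 or the EDR's process-creation stream, and the window should be tuned to that telemetry's timestamp resolution; the nested_url flag is worth surfacing on its own, since a browser opened full-screen on a URL that embeds a second sign-in URL has no benign reason to exist.
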
Target ID:13
Start time:07:27:09
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                                                                                                                                                                          Start time:07:27:09
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                                                                                                                          Start time:07:27:10
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d3b9a08-6fb8-422b-b765-a43db8b920aa} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" 2c215b6ef10 socket
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                                                                                                                          Start time:07:27:11
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3816 -parentBuildID 20230927232528 -prefsHandle 3788 -prefMapHandle 3896 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1235fb2f-2ad4-4d0b-85b2-34b26d7e737e} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" 2c2281e5310 rdd
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                          Target ID:20
                                                                                                                                                                                                                                                                                                                                                          Start time:07:27:24
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 5052 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffc7800e-51e3-45ac-bcdd-0eb239f79988} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" 2c22e35cf10 utility
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Has exited:false


Execution Graph

Execution Coverage: 2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.3%
Total number of Nodes: 1555
Total number of Limit Nodes: 53
95671->95672 95676 84dc1f 95671->95676 95673 84d955 __fread_nolock 26 API calls 95672->95673 95672->95676 95674 84dc43 95673->95674 95705 8559be 62 API calls 6 library calls 95674->95705 95677 854d7a 95676->95677 95678 84e640 95677->95678 95679 854d90 95677->95679 95681 84d955 95678->95681 95679->95678 95680 8529c8 _free 20 API calls 95679->95680 95680->95678 95682 84d976 95681->95682 95683 84d961 95681->95683 95682->95663 95706 84f2d9 20 API calls __dosmaperr 95683->95706 95685 84d966 95707 8527ec 26 API calls ___std_exception_copy 95685->95707 95687 84d971 95687->95663 95689 858653 95688->95689 95690 85863e 95688->95690 95692 85868e 95689->95692 95695 85867a 95689->95695 95711 84f2c6 20 API calls __dosmaperr 95690->95711 95713 84f2c6 20 API calls __dosmaperr 95692->95713 95694 858643 95712 84f2d9 20 API calls __dosmaperr 95694->95712 95708 858607 95695->95708 95696 858693 95714 84f2d9 20 API calls __dosmaperr 95696->95714 95700 84e64c 95700->95666 95700->95667 95701 85869b 95715 8527ec 26 API calls ___std_exception_copy 95701->95715 95703->95657 95704->95666 95705->95676 95706->95685 95707->95687 95716 858585 95708->95716 95710 85862b 95710->95700 95711->95694 95712->95700 95713->95696 95714->95701 95715->95700 95717 858591 ___DestructExceptionObject 95716->95717 95727 855147 EnterCriticalSection 95717->95727 95719 85859f 95720 8585c6 95719->95720 95721 8585d1 95719->95721 95728 8586ae 95720->95728 95743 84f2d9 20 API calls __dosmaperr 95721->95743 95724 8585cc 95744 8585fb LeaveCriticalSection __wsopen_s 95724->95744 95726 8585ee __fread_nolock 95726->95710 95727->95719 95745 8553c4 95728->95745 95730 8586c4 95758 855333 21 API calls 3 library calls 95730->95758 95732 8586be 95732->95730 95735 8553c4 __wsopen_s 26 API calls 95732->95735 95742 8586f6 95732->95742 95733 8553c4 __wsopen_s 26 API calls 95737 858702 CloseHandle 95733->95737 95734 85871c 95741 85873e 95734->95741 95759 84f2a3 20 API calls 2 library calls 95734->95759 95736 8586ed 95735->95736 95738 
8553c4 __wsopen_s 26 API calls 95736->95738 95737->95730 95739 85870e GetLastError 95737->95739 95738->95742 95739->95730 95741->95724 95742->95730 95742->95733 95743->95724 95744->95726 95746 8553d1 95745->95746 95748 8553e6 95745->95748 95747 84f2c6 __dosmaperr 20 API calls 95746->95747 95749 8553d6 95747->95749 95750 84f2c6 __dosmaperr 20 API calls 95748->95750 95752 85540b 95748->95752 95751 84f2d9 _free 20 API calls 95749->95751 95753 855416 95750->95753 95754 8553de 95751->95754 95752->95732 95755 84f2d9 _free 20 API calls 95753->95755 95754->95732 95756 85541e 95755->95756 95757 8527ec ___std_exception_copy 26 API calls 95756->95757 95757->95754 95758->95734 95759->95741 95760->95338 95761 862ba5 95762 822b25 95761->95762 95763 862baf 95761->95763 95789 822b83 7 API calls 95762->95789 95807 823a5a 95763->95807 95767 862bb8 95814 829cb3 95767->95814 95770 862bc6 95772 862bf5 95770->95772 95773 862bce 95770->95773 95771 822b2f 95780 822b44 95771->95780 95793 823837 95771->95793 95774 8233c6 22 API calls 95772->95774 95820 8233c6 95773->95820 95777 862bf1 GetForegroundWindow ShellExecuteW 95774->95777 95783 862c26 95777->95783 95781 822b5f 95780->95781 95803 8230f2 95780->95803 95787 822b66 SetCurrentDirectoryW 95781->95787 95783->95781 95785 862be7 95786 8233c6 22 API calls 95785->95786 95786->95777 95788 822b7a 95787->95788 95830 822cd4 7 API calls 95789->95830 95791 822b2a 95792 822c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95791->95792 95792->95771 95794 823862 ___scrt_fastfail 95793->95794 95831 824212 95794->95831 95797 8238e8 95799 863386 Shell_NotifyIconW 95797->95799 95800 823906 Shell_NotifyIconW 95797->95800 95835 823923 95800->95835 95802 82391c 95802->95780 95804 823154 95803->95804 95805 823104 ___scrt_fastfail 95803->95805 95804->95781 95806 823123 Shell_NotifyIconW 95805->95806 95806->95804 95808 861f50 __wsopen_s 95807->95808 95809 823a67 GetModuleFileNameW 95808->95809 95810 829cb3 22 API calls 95809->95810 95811 823a8d 
95810->95811 95812 823aa2 23 API calls 95811->95812 95813 823a97 95812->95813 95813->95767 95815 829cc2 _wcslen 95814->95815 95816 83fe0b 22 API calls 95815->95816 95817 829cea __fread_nolock 95816->95817 95818 83fddb 22 API calls 95817->95818 95819 829d00 95818->95819 95819->95770 95821 8630bb 95820->95821 95822 8233dd 95820->95822 95824 83fddb 22 API calls 95821->95824 95866 8233ee 95822->95866 95826 8630c5 _wcslen 95824->95826 95825 8233e8 95829 826350 22 API calls 95825->95829 95827 83fe0b 22 API calls 95826->95827 95828 8630fe __fread_nolock 95827->95828 95829->95785 95830->95791 95832 8635a4 95831->95832 95833 8238b7 95831->95833 95832->95833 95834 8635ad DestroyIcon 95832->95834 95833->95797 95857 88c874 42 API calls _strftime 95833->95857 95834->95833 95836 823a13 95835->95836 95837 82393f 95835->95837 95836->95802 95858 826270 95837->95858 95840 863393 LoadStringW 95843 8633ad 95840->95843 95841 82395a 95842 826b57 22 API calls 95841->95842 95844 82396f 95842->95844 95851 823994 ___scrt_fastfail 95843->95851 95864 82a8c7 22 API calls __fread_nolock 95843->95864 95845 82397c 95844->95845 95846 8633c9 95844->95846 95845->95843 95848 823986 95845->95848 95865 826350 22 API calls 95846->95865 95863 826350 22 API calls 95848->95863 95854 8239f9 Shell_NotifyIconW 95851->95854 95852 8633d7 95852->95851 95853 8233c6 22 API calls 95852->95853 95855 8633f9 95853->95855 95854->95836 95856 8233c6 22 API calls 95855->95856 95856->95851 95857->95797 95859 83fe0b 22 API calls 95858->95859 95860 826295 95859->95860 95861 83fddb 22 API calls 95860->95861 95862 82394d 95861->95862 95862->95840 95862->95841 95863->95851 95864->95851 95865->95852 95867 8233fe _wcslen 95866->95867 95868 823411 95867->95868 95869 86311d 95867->95869 95876 82a587 95868->95876 95871 83fddb 22 API calls 95869->95871 95872 863127 95871->95872 95874 83fe0b 22 API calls 95872->95874 95873 82341e __fread_nolock 95873->95825 95875 863157 __fread_nolock 95874->95875 95877 82a59d 95876->95877 95880 
82a598 __fread_nolock 95876->95880 95878 86f80f 95877->95878 95879 83fe0b 22 API calls 95877->95879 95879->95880 95880->95873 95881 862402 95884 821410 95881->95884 95885 82144f mciSendStringW 95884->95885 95886 8624b8 DestroyWindow 95884->95886 95887 8216c6 95885->95887 95888 82146b 95885->95888 95898 8624c4 95886->95898 95887->95888 95890 8216d5 UnregisterHotKey 95887->95890 95889 821479 95888->95889 95888->95898 95917 82182e 95889->95917 95890->95887 95892 862509 95899 86252d 95892->95899 95900 86251c FreeLibrary 95892->95900 95893 8624e2 FindClose 95893->95898 95894 8624d8 95894->95898 95923 826246 CloseHandle 95894->95923 95897 82148e 95897->95899 95905 82149c 95897->95905 95898->95892 95898->95893 95898->95894 95901 862541 VirtualFree 95899->95901 95908 821509 95899->95908 95900->95892 95901->95899 95902 8214f8 CoUninitialize 95902->95908 95903 821514 95907 821524 95903->95907 95904 862589 95910 862598 messages 95904->95910 95924 8932eb 6 API calls messages 95904->95924 95905->95902 95921 821944 VirtualFreeEx CloseHandle 95907->95921 95908->95903 95908->95904 95913 862627 95910->95913 95925 8864d4 22 API calls messages 95910->95925 95912 82153a 95912->95910 95914 82161f 95912->95914 95913->95913 95914->95913 95922 821876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95914->95922 95916 8216c1 95919 82183b 95917->95919 95918 821480 95918->95892 95918->95897 95919->95918 95926 88702a 22 API calls 95919->95926 95921->95912 95922->95916 95923->95894 95924->95904 95925->95910 95926->95919 95927 821044 95932 8210f3 95927->95932 95929 82104a 95968 8400a3 29 API calls __onexit 95929->95968 95931 821054 95969 821398 95932->95969 95936 82116a 95937 82a961 22 API calls 95936->95937 95938 821174 95937->95938 95939 82a961 22 API calls 95938->95939 95940 82117e 95939->95940 95941 82a961 22 API calls 95940->95941 95942 821188 95941->95942 95943 82a961 22 API calls 95942->95943 95944 8211c6 95943->95944 95945 82a961 22 API calls 95944->95945 95946 
821292 95945->95946 95979 82171c 95946->95979 95950 8212c4 95951 82a961 22 API calls 95950->95951 95952 8212ce 95951->95952 96000 831940 95952->96000 95954 8212f9 96010 821aab 95954->96010 95956 821315 95957 821325 GetStdHandle 95956->95957 95958 862485 95957->95958 95959 82137a 95957->95959 95958->95959 95960 86248e 95958->95960 95962 821387 OleInitialize 95959->95962 95961 83fddb 22 API calls 95960->95961 95963 862495 95961->95963 95962->95929 96017 89011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 95963->96017 95965 86249e 96018 890944 CreateThread 95965->96018 95967 8624aa CloseHandle 95967->95959 95968->95931 96019 8213f1 95969->96019 95972 8213f1 22 API calls 95973 8213d0 95972->95973 95974 82a961 22 API calls 95973->95974 95975 8213dc 95974->95975 95976 826b57 22 API calls 95975->95976 95977 821129 95976->95977 95978 821bc3 6 API calls 95977->95978 95978->95936 95980 82a961 22 API calls 95979->95980 95981 82172c 95980->95981 95982 82a961 22 API calls 95981->95982 95983 821734 95982->95983 95984 82a961 22 API calls 95983->95984 95985 82174f 95984->95985 95986 83fddb 22 API calls 95985->95986 95987 82129c 95986->95987 95988 821b4a 95987->95988 95989 821b58 95988->95989 95990 82a961 22 API calls 95989->95990 95991 821b63 95990->95991 95992 82a961 22 API calls 95991->95992 95993 821b6e 95992->95993 95994 82a961 22 API calls 95993->95994 95995 821b79 95994->95995 95996 82a961 22 API calls 95995->95996 95997 821b84 95996->95997 95998 83fddb 22 API calls 95997->95998 95999 821b96 RegisterWindowMessageW 95998->95999 95999->95950 96001 831981 96000->96001 96003 83195d 96000->96003 96026 840242 5 API calls __Init_thread_wait 96001->96026 96002 83196e 96002->95954 96003->96002 96028 840242 5 API calls __Init_thread_wait 96003->96028 96006 83198b 96006->96003 96027 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96006->96027 96007 838727 96007->96002 96029 8401f8 EnterCriticalSection 
LeaveCriticalSection SetEvent ResetEvent 96007->96029 96011 821abb 96010->96011 96012 86272d 96010->96012 96014 83fddb 22 API calls 96011->96014 96030 893209 23 API calls 96012->96030 96015 821ac3 96014->96015 96015->95956 96016 862738 96017->95965 96018->95967 96031 89092a 28 API calls 96018->96031 96020 82a961 22 API calls 96019->96020 96021 8213fc 96020->96021 96022 82a961 22 API calls 96021->96022 96023 821404 96022->96023 96024 82a961 22 API calls 96023->96024 96025 8213c6 96024->96025 96025->95972 96026->96006 96027->96003 96028->96007 96029->96002 96030->96016 96032 872a00 96042 82d7b0 messages 96032->96042 96033 82db11 PeekMessageW 96033->96042 96034 82d807 GetInputState 96034->96033 96034->96042 96035 82d9d5 96036 871cbe TranslateAcceleratorW 96036->96042 96038 82db8f PeekMessageW 96038->96042 96039 82da04 timeGetTime 96039->96042 96040 82db73 TranslateMessage DispatchMessageW 96040->96038 96041 82dbaf Sleep 96041->96042 96042->96033 96042->96034 96042->96035 96042->96036 96042->96038 96042->96039 96042->96040 96042->96041 96043 872b74 Sleep 96042->96043 96045 872a51 96042->96045 96047 871dda timeGetTime 96042->96047 96064 82dd50 96042->96064 96071 831310 96042->96071 96125 82bf40 96042->96125 96183 83edf6 96042->96183 96188 82dfd0 348 API calls 3 library calls 96042->96188 96189 83e551 timeGetTime 96042->96189 96191 893a2a 23 API calls 96042->96191 96192 82ec40 96042->96192 96216 89359c 82 API calls __wsopen_s 96042->96216 96043->96045 96045->96035 96045->96042 96050 872c0b GetExitCodeProcess 96045->96050 96053 8b29bf GetForegroundWindow 96045->96053 96055 872ca9 Sleep 96045->96055 96217 8a5658 23 API calls 96045->96217 96218 88e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96045->96218 96219 83e551 timeGetTime 96045->96219 96220 88d4dc CreateToolhelp32Snapshot Process32FirstW 96045->96220 96190 83e300 23 API calls 96047->96190 96051 872c37 CloseHandle 96050->96051 96052 872c21 WaitForSingleObject 96050->96052 
96051->96045 96052->96042 96052->96051 96053->96045 96055->96042 96065 82dd6f 96064->96065 96066 82dd83 96064->96066 96230 82d260 96065->96230 96262 89359c 82 API calls __wsopen_s 96066->96262 96069 82dd7a 96069->96042 96070 872f75 96070->96070 96072 8317b0 96071->96072 96073 831376 96071->96073 96301 840242 5 API calls __Init_thread_wait 96072->96301 96074 876331 96073->96074 96076 831940 9 API calls 96073->96076 96315 8a709c 348 API calls 96074->96315 96079 8313a0 96076->96079 96078 8317ba 96081 8317fb 96078->96081 96082 829cb3 22 API calls 96078->96082 96083 831940 9 API calls 96079->96083 96080 87633d 96080->96042 96085 876346 96081->96085 96087 83182c 96081->96087 96090 8317d4 96082->96090 96084 8313b6 96083->96084 96084->96081 96086 8313ec 96084->96086 96316 89359c 82 API calls __wsopen_s 96085->96316 96086->96085 96110 831408 __fread_nolock 96086->96110 96303 82aceb 96087->96303 96302 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96090->96302 96091 831839 96313 83d217 348 API calls 96091->96313 96094 87636e 96317 89359c 82 API calls __wsopen_s 96094->96317 96095 83152f 96097 8763d1 96095->96097 96098 83153c 96095->96098 96319 8a5745 54 API calls _wcslen 96097->96319 96100 831940 9 API calls 96098->96100 96101 831549 96100->96101 96107 831940 9 API calls 96101->96107 96111 8315c7 messages 96101->96111 96102 83fddb 22 API calls 96102->96110 96103 831872 96103->96074 96314 83faeb 23 API calls 96103->96314 96104 83fe0b 22 API calls 96104->96110 96105 83171d 96105->96042 96115 831563 96107->96115 96109 82ec40 348 API calls 96109->96110 96110->96091 96110->96094 96110->96095 96110->96102 96110->96104 96110->96109 96110->96111 96113 8763b2 96110->96113 96111->96103 96112 831940 9 API calls 96111->96112 96117 83167b messages 96111->96117 96272 8aa2ea 96111->96272 96277 8b1591 96111->96277 96280 83f645 96111->96280 96287 895c5a 96111->96287 96292 8aabf7 96111->96292 96297 8aab67 96111->96297 96321 89359c 82 API calls __wsopen_s 96111->96321 
96112->96111 96318 89359c 82 API calls __wsopen_s 96113->96318 96115->96111 96320 82a8c7 22 API calls __fread_nolock 96115->96320 96117->96105 96300 83ce17 22 API calls messages 96117->96300 96495 82adf0 96125->96495 96127 82bf9d 96128 8704b6 96127->96128 96129 82bfa9 96127->96129 96513 89359c 82 API calls __wsopen_s 96128->96513 96131 8704c6 96129->96131 96132 82c01e 96129->96132 96514 89359c 82 API calls __wsopen_s 96131->96514 96500 82ac91 96132->96500 96136 82c7da 96139 83fe0b 22 API calls 96136->96139 96144 82c808 __fread_nolock 96139->96144 96142 8704f5 96145 87055a 96142->96145 96515 83d217 348 API calls 96142->96515 96149 83fe0b 22 API calls 96144->96149 96168 82c603 96145->96168 96516 89359c 82 API calls __wsopen_s 96145->96516 96146 82af8a 22 API calls 96179 82c039 __fread_nolock messages 96146->96179 96147 887120 22 API calls 96147->96179 96148 87091a 96525 893209 23 API calls 96148->96525 96180 82c350 __fread_nolock messages 96149->96180 96150 83fddb 22 API calls 96150->96179 96153 82ec40 348 API calls 96153->96179 96154 8708a5 96155 82ec40 348 API calls 96154->96155 96157 8708cf 96155->96157 96157->96168 96523 82a81b 41 API calls 96157->96523 96158 870591 96517 89359c 82 API calls __wsopen_s 96158->96517 96159 8708f6 96524 89359c 82 API calls __wsopen_s 96159->96524 96164 82aceb 23 API calls 96164->96179 96165 82c237 96166 82c253 96165->96166 96526 82a8c7 22 API calls __fread_nolock 96165->96526 96169 870976 96166->96169 96173 82c297 messages 96166->96173 96168->96042 96171 82aceb 23 API calls 96169->96171 96172 8709bf 96171->96172 96172->96168 96527 89359c 82 API calls __wsopen_s 96172->96527 96173->96172 96174 82aceb 23 API calls 96173->96174 96175 82c335 96174->96175 96175->96172 96177 82c342 96175->96177 96176 82bbe0 40 API calls 96176->96179 96511 82a704 22 API calls messages 96177->96511 96179->96136 96179->96142 96179->96144 96179->96145 96179->96146 96179->96147 96179->96148 96179->96150 96179->96153 96179->96154 96179->96158 96179->96159 
96179->96164 96179->96165 96179->96168 96179->96172 96179->96176 96181 83fe0b 22 API calls 96179->96181 96504 82ad81 96179->96504 96518 887099 22 API calls __fread_nolock 96179->96518 96519 8a5745 54 API calls _wcslen 96179->96519 96520 83aa42 22 API calls messages 96179->96520 96521 88f05c 40 API calls 96179->96521 96522 82a993 41 API calls 96179->96522 96182 82c3ac 96180->96182 96512 83ce17 22 API calls messages 96180->96512 96181->96179 96182->96042 96184 83ee09 96183->96184 96185 83ee12 96183->96185 96184->96042 96185->96184 96186 83ee36 IsDialogMessageW 96185->96186 96187 87efaf GetClassLongW 96185->96187 96186->96184 96186->96185 96187->96185 96187->96186 96188->96042 96189->96042 96190->96042 96191->96042 96214 82ec76 messages 96192->96214 96193 840242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96193->96214 96194 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96194->96214 96196 83fddb 22 API calls 96196->96214 96197 82fef7 96209 82ed9d messages 96197->96209 96540 82a8c7 22 API calls __fread_nolock 96197->96540 96199 874b0b 96542 89359c 82 API calls __wsopen_s 96199->96542 96200 82a8c7 22 API calls 96200->96214 96201 874600 96201->96209 96539 82a8c7 22 API calls __fread_nolock 96201->96539 96207 82fbe3 96207->96209 96210 874bdc 96207->96210 96215 82f3ae messages 96207->96215 96208 82a961 22 API calls 96208->96214 96209->96042 96543 89359c 82 API calls __wsopen_s 96210->96543 96211 8400a3 29 API calls pre_c_initialization 96211->96214 96213 874beb 96544 89359c 82 API calls __wsopen_s 96213->96544 96214->96193 96214->96194 96214->96196 96214->96197 96214->96199 96214->96200 96214->96201 96214->96207 96214->96208 96214->96209 96214->96211 96214->96213 96214->96215 96537 8301e0 348 API calls 2 library calls 96214->96537 96538 8306a0 41 API calls messages 96214->96538 96215->96209 96541 89359c 82 API calls __wsopen_s 96215->96541 96216->96042 96217->96045 
96218->96045 96219->96045 96545 88def7 96220->96545 96222 88d529 Process32NextW 96223 88d5db CloseHandle 96222->96223 96228 88d522 96222->96228 96223->96045 96224 82a961 22 API calls 96224->96228 96225 829cb3 22 API calls 96225->96228 96228->96222 96228->96223 96228->96224 96228->96225 96551 82525f 22 API calls 96228->96551 96552 826350 22 API calls 96228->96552 96553 83ce60 41 API calls 96228->96553 96231 82ec40 348 API calls 96230->96231 96247 82d29d 96231->96247 96232 871bc4 96271 89359c 82 API calls __wsopen_s 96232->96271 96234 82d30b messages 96234->96069 96235 82d6d5 96235->96234 96245 83fe0b 22 API calls 96235->96245 96236 82d3c3 96236->96235 96237 82d3ce 96236->96237 96239 83fddb 22 API calls 96237->96239 96238 82d5ff 96240 871bb5 96238->96240 96241 82d614 96238->96241 96249 82d3d5 __fread_nolock 96239->96249 96270 8a5705 23 API calls 96240->96270 96244 83fddb 22 API calls 96241->96244 96242 82d4b8 96246 83fe0b 22 API calls 96242->96246 96254 82d46a 96244->96254 96245->96249 96257 82d429 __fread_nolock messages 96246->96257 96247->96232 96247->96234 96247->96235 96247->96236 96247->96242 96250 83fddb 22 API calls 96247->96250 96247->96257 96248 83fddb 22 API calls 96251 82d3f6 96248->96251 96249->96248 96249->96251 96250->96247 96251->96257 96263 82bec0 348 API calls 96251->96263 96253 871ba4 96269 89359c 82 API calls __wsopen_s 96253->96269 96254->96069 96257->96238 96257->96253 96257->96254 96258 871b7f 96257->96258 96260 871b5d 96257->96260 96264 821f6f 96257->96264 96268 89359c 82 API calls __wsopen_s 96258->96268 96267 89359c 82 API calls __wsopen_s 96260->96267 96262->96070 96263->96257 96265 82ec40 348 API calls 96264->96265 96266 821f98 96265->96266 96266->96257 96267->96254 96268->96254 96269->96254 96270->96232 96271->96234 96322 827510 96272->96322 96275 88d4dc 47 API calls 96276 8aa315 96275->96276 96276->96111 96349 8b2ad8 96277->96349 96279 8b159f 96279->96111 96360 82b567 96280->96360 96282 83f659 96283 83f661 timeGetTime 96282->96283 96284 
87f2dc Sleep 96282->96284 96285 82b567 39 API calls 96283->96285 96286 83f677 96285->96286 96286->96111 96288 827510 53 API calls 96287->96288 96289 895c6d 96288->96289 96366 88dbbe lstrlenW 96289->96366 96291 895c77 96291->96111 96371 8aaff9 96292->96371 96294 8aac54 96294->96111 96295 8aac0c 96295->96294 96296 82aceb 23 API calls 96295->96296 96296->96294 96298 8aaff9 217 API calls 96297->96298 96299 8aab79 96298->96299 96299->96111 96300->96117 96301->96078 96302->96081 96304 82acf9 96303->96304 96312 82ad2a messages 96303->96312 96305 82ad55 96304->96305 96306 82ad01 messages 96304->96306 96305->96312 96493 82a8c7 22 API calls __fread_nolock 96305->96493 96308 82ad21 96306->96308 96309 86fa48 96306->96309 96306->96312 96310 86fa3a VariantClear 96308->96310 96308->96312 96309->96312 96494 83ce17 22 API calls messages 96309->96494 96310->96312 96312->96091 96313->96103 96314->96103 96315->96080 96316->96111 96317->96111 96318->96111 96319->96115 96320->96111 96321->96111 96323 827525 96322->96323 96339 827522 96322->96339 96324 82755b 96323->96324 96325 82752d 96323->96325 96327 8650f6 96324->96327 96330 82756d 96324->96330 96335 86500f 96324->96335 96345 8451c6 26 API calls 96325->96345 96348 845183 26 API calls 96327->96348 96328 82753d 96334 83fddb 22 API calls 96328->96334 96346 83fb21 51 API calls 96330->96346 96332 86510e 96332->96332 96336 827547 96334->96336 96338 83fe0b 22 API calls 96335->96338 96344 865088 96335->96344 96337 829cb3 22 API calls 96336->96337 96337->96339 96341 865058 96338->96341 96339->96275 96340 83fddb 22 API calls 96342 86507f 96340->96342 96341->96340 96343 829cb3 22 API calls 96342->96343 96343->96344 96347 83fb21 51 API calls 96344->96347 96345->96328 96346->96328 96347->96327 96348->96332 96350 82aceb 23 API calls 96349->96350 96351 8b2af3 96350->96351 96352 8b2aff 96351->96352 96353 8b2b1d 96351->96353 96354 827510 53 API calls 96352->96354 96355 826b57 22 API calls 96353->96355 96356 8b2b0c 96354->96356 96357 8b2b1b 
96355->96357 96356->96357 96359 82a8c7 22 API calls __fread_nolock 96356->96359 96357->96279 96359->96357 96361 82b578 96360->96361 96362 82b57f 96360->96362 96361->96362 96365 8462d1 39 API calls _strftime 96361->96365 96362->96282 96364 82b5c2 96364->96282 96365->96364 96367 88dbdc GetFileAttributesW 96366->96367 96368 88dc06 96366->96368 96367->96368 96369 88dbe8 FindFirstFileW 96367->96369 96368->96291 96369->96368 96370 88dbf9 FindClose 96369->96370 96370->96368 96372 8ab01d ___scrt_fastfail 96371->96372 96373 8ab058 96372->96373 96374 8ab094 96372->96374 96375 82b567 39 API calls 96373->96375 96378 82b567 39 API calls 96374->96378 96379 8ab08b 96374->96379 96376 8ab063 96375->96376 96376->96379 96382 82b567 39 API calls 96376->96382 96377 8ab0ed 96380 827510 53 API calls 96377->96380 96381 8ab0a5 96378->96381 96379->96377 96383 82b567 39 API calls 96379->96383 96384 8ab10b 96380->96384 96385 82b567 39 API calls 96381->96385 96386 8ab078 96382->96386 96383->96377 96462 827620 96384->96462 96385->96379 96388 82b567 39 API calls 96386->96388 96388->96379 96389 8ab115 96390 8ab1d8 96389->96390 96391 8ab11f 96389->96391 96393 8ab20a GetCurrentDirectoryW 96390->96393 96396 827510 53 API calls 96390->96396 96392 827510 53 API calls 96391->96392 96394 8ab130 96392->96394 96395 83fe0b 22 API calls 96393->96395 96397 827620 22 API calls 96394->96397 96398 8ab22f GetCurrentDirectoryW 96395->96398 96399 8ab1ef 96396->96399 96400 8ab13a 96397->96400 96401 8ab23c 96398->96401 96402 827620 22 API calls 96399->96402 96403 827510 53 API calls 96400->96403 96406 8ab275 96401->96406 96469 829c6e 22 API calls 96401->96469 96404 8ab1f9 _wcslen 96402->96404 96405 8ab14b 96403->96405 96404->96393 96404->96406 96407 827620 22 API calls 96405->96407 96413 8ab28b 96406->96413 96414 8ab287 96406->96414 96409 8ab155 96407->96409 96411 827510 53 API calls 96409->96411 96410 8ab255 96470 829c6e 22 API calls 96410->96470 96416 8ab166 96411->96416 96472 8907c0 10 API calls 96413->96472 
96419 8ab39a CreateProcessW 96414->96419 96420 8ab2f8 96414->96420 96421 827620 22 API calls 96416->96421 96417 8ab265 96471 829c6e 22 API calls 96417->96471 96418 8ab294 96473 8906e6 10 API calls 96418->96473 96461 8ab32f _wcslen 96419->96461 96475 8811c8 39 API calls 96420->96475 96425 8ab170 96421->96425 96428 8ab1a6 GetSystemDirectoryW 96425->96428 96433 827510 53 API calls 96425->96433 96426 8ab2aa 96474 8905a7 8 API calls 96426->96474 96427 8ab2fd 96431 8ab32a 96427->96431 96432 8ab323 96427->96432 96430 83fe0b 22 API calls 96428->96430 96436 8ab1cb GetSystemDirectoryW 96430->96436 96477 8814ce 6 API calls 96431->96477 96476 881201 128 API calls 2 library calls 96432->96476 96438 8ab187 96433->96438 96435 8ab2d0 96435->96414 96436->96401 96439 827620 22 API calls 96438->96439 96441 8ab191 _wcslen 96439->96441 96440 8ab328 96440->96461 96441->96401 96441->96428 96442 8ab42f CloseHandle 96444 8ab43f 96442->96444 96452 8ab49a 96442->96452 96443 8ab3d6 GetLastError 96451 8ab41a 96443->96451 96445 8ab451 96444->96445 96446 8ab446 CloseHandle 96444->96446 96449 8ab458 CloseHandle 96445->96449 96450 8ab463 96445->96450 96446->96445 96448 8ab4a6 96448->96451 96449->96450 96453 8ab46a CloseHandle 96450->96453 96454 8ab475 96450->96454 96466 890175 96451->96466 96452->96448 96457 8ab4d2 CloseHandle 96452->96457 96453->96454 96478 8909d9 34 API calls 96454->96478 96457->96451 96459 8ab486 96479 8ab536 25 API calls 96459->96479 96461->96442 96461->96443 96463 82762a _wcslen 96462->96463 96464 83fe0b 22 API calls 96463->96464 96465 82763f 96464->96465 96465->96389 96480 89030f 96466->96480 96469->96410 96470->96417 96471->96406 96472->96418 96473->96426 96474->96435 96475->96427 96476->96440 96477->96461 96478->96459 96479->96452 96481 890329 96480->96481 96482 890321 CloseHandle 96480->96482 96483 89032e CloseHandle 96481->96483 96484 890336 96481->96484 96482->96481 96483->96484 96485 89033b CloseHandle 96484->96485 96486 890343 96484->96486 96485->96486 96487 890348 
CloseHandle 96486->96487 96488 890350 96486->96488 96487->96488 96489 89035d 96488->96489 96490 890355 CloseHandle 96488->96490 96491 89017d 96489->96491 96492 890362 CloseHandle 96489->96492 96490->96489 96491->96295 96492->96491 96493->96312 96494->96312 96496 82ae01 96495->96496 96499 82ae1c messages 96495->96499 96497 82aec9 22 API calls 96496->96497 96498 82ae09 CharUpperBuffW 96497->96498 96498->96499 96499->96127 96501 82acae 96500->96501 96502 82acd1 96501->96502 96528 89359c 82 API calls __wsopen_s 96501->96528 96502->96179 96505 82ad92 96504->96505 96506 86fadb 96504->96506 96507 83fddb 22 API calls 96505->96507 96508 82ad99 96507->96508 96529 82adcd 96508->96529 96511->96180 96512->96180 96513->96131 96514->96168 96515->96145 96516->96168 96517->96168 96518->96179 96519->96179 96520->96179 96521->96179 96522->96179 96523->96159 96524->96168 96525->96165 96526->96166 96527->96168 96528->96502 96533 82addd 96529->96533 96530 82adb6 96530->96179 96531 83fddb 22 API calls 96531->96533 96532 82a961 22 API calls 96532->96533 96533->96530 96533->96531 96533->96532 96535 82adcd 22 API calls 96533->96535 96536 82a8c7 22 API calls __fread_nolock 96533->96536 96535->96533 96536->96533 96537->96214 96538->96214 96539->96209 96540->96209 96541->96209 96542->96209 96543->96213 96544->96209 96547 88df02 96545->96547 96546 88df19 96555 8462fb 39 API calls _strftime 96546->96555 96547->96546 96550 88df1f 96547->96550 96554 8463b2 GetStringTypeW _strftime 96547->96554 96550->96228 96551->96228 96552->96228 96553->96228 96554->96547 96555->96550 96556 858402 96561 8581be 96556->96561 96559 85842a 96566 8581ef try_get_first_available_module 96561->96566 96563 8583ee 96580 8527ec 26 API calls ___std_exception_copy 96563->96580 96565 858343 96565->96559 96573 860984 96565->96573 96566->96566 96569 858338 96566->96569 96576 848e0b 40 API calls 2 library calls 96566->96576 96568 85838c 96568->96569 96577 848e0b 40 API calls 2 library calls 96568->96577 96569->96565 96579 84f2d9 
20 API calls __dosmaperr 96569->96579 96571 8583ab 96571->96569 96578 848e0b 40 API calls 2 library calls 96571->96578 96581 860081 96573->96581 96575 86099f 96575->96559 96576->96568 96577->96571 96578->96569 96579->96563 96580->96565 96583 86008d ___DestructExceptionObject 96581->96583 96582 86009b 96639 84f2d9 20 API calls __dosmaperr 96582->96639 96583->96582 96585 8600d4 96583->96585 96592 86065b 96585->96592 96586 8600a0 96640 8527ec 26 API calls ___std_exception_copy 96586->96640 96591 8600aa __fread_nolock 96591->96575 96642 86042f 96592->96642 96595 8606a6 96660 855221 96595->96660 96596 86068d 96674 84f2c6 20 API calls __dosmaperr 96596->96674 96599 8606ab 96601 8606b4 96599->96601 96602 8606cb 96599->96602 96600 860692 96675 84f2d9 20 API calls __dosmaperr 96600->96675 96676 84f2c6 20 API calls __dosmaperr 96601->96676 96673 86039a CreateFileW 96602->96673 96606 8606b9 96677 84f2d9 20 API calls __dosmaperr 96606->96677 96608 860781 GetFileType 96609 8607d3 96608->96609 96610 86078c GetLastError 96608->96610 96682 85516a 21 API calls 3 library calls 96609->96682 96680 84f2a3 20 API calls 2 library calls 96610->96680 96611 860756 GetLastError 96679 84f2a3 20 API calls 2 library calls 96611->96679 96614 860704 96614->96608 96614->96611 96678 86039a CreateFileW 96614->96678 96615 86079a CloseHandle 96615->96600 96617 8607c3 96615->96617 96681 84f2d9 20 API calls __dosmaperr 96617->96681 96619 860749 96619->96608 96619->96611 96620 8607f4 96622 860840 96620->96622 96683 8605ab 72 API calls 4 library calls 96620->96683 96627 86086d 96622->96627 96684 86014d 72 API calls 4 library calls 96622->96684 96623 8607c8 96623->96600 96626 860866 96626->96627 96628 86087e 96626->96628 96629 8586ae __wsopen_s 29 API calls 96627->96629 96630 8600f8 96628->96630 96631 8608fc CloseHandle 96628->96631 96629->96630 96641 860121 LeaveCriticalSection __wsopen_s 96630->96641 96685 86039a CreateFileW 96631->96685 96633 860927 96634 86095d 96633->96634 96635 860931 GetLastError 
96633->96635 96634->96630 96686 84f2a3 20 API calls 2 library calls 96635->96686 96637 86093d 96687 855333 21 API calls 3 library calls 96637->96687 96639->96586 96640->96591 96641->96591 96643 86046a 96642->96643 96644 860450 96642->96644 96688 8603bf 96643->96688 96644->96643 96695 84f2d9 20 API calls __dosmaperr 96644->96695 96647 86045f 96696 8527ec 26 API calls ___std_exception_copy 96647->96696 96649 8604a2 96650 8604d1 96649->96650 96697 84f2d9 20 API calls __dosmaperr 96649->96697 96658 860524 96650->96658 96699 84d70d 26 API calls 2 library calls 96650->96699 96653 86051f 96655 86059e 96653->96655 96653->96658 96654 8604c6 96698 8527ec 26 API calls ___std_exception_copy 96654->96698 96700 8527fc 11 API calls _abort 96655->96700 96658->96595 96658->96596 96659 8605aa 96661 85522d ___DestructExceptionObject 96660->96661 96703 852f5e EnterCriticalSection 96661->96703 96664 855234 96665 855259 96664->96665 96669 8552c7 EnterCriticalSection 96664->96669 96672 85527b 96664->96672 96707 855000 96665->96707 96666 8552a4 __fread_nolock 96666->96599 96670 8552d4 LeaveCriticalSection 96669->96670 96669->96672 96670->96664 96704 85532a 96672->96704 96673->96614 96674->96600 96675->96630 96676->96606 96677->96600 96678->96619 96679->96600 96680->96615 96681->96623 96682->96620 96683->96622 96684->96626 96685->96633 96686->96637 96687->96634 96690 8603d7 96688->96690 96689 8603f2 96689->96649 96690->96689 96701 84f2d9 20 API calls __dosmaperr 96690->96701 96692 860416 96702 8527ec 26 API calls ___std_exception_copy 96692->96702 96694 860421 96694->96649 96695->96647 96696->96643 96697->96654 96698->96650 96699->96653 96700->96659 96701->96692 96702->96694 96703->96664 96715 852fa6 LeaveCriticalSection 96704->96715 96706 855331 96706->96666 96708 854c7d __dosmaperr 20 API calls 96707->96708 96710 855012 96708->96710 96709 85501f 96711 8529c8 _free 20 API calls 96709->96711 96710->96709 96716 853405 11 API calls 2 library calls 96710->96716 96713 855071 96711->96713 
96713->96672 96714 855147 EnterCriticalSection 96713->96714 96714->96672 96715->96706 96716->96710 96717 821cad SystemParametersInfoW 96718 821033 96723 824c91 96718->96723 96722 821042 96724 82a961 22 API calls 96723->96724 96725 824cff 96724->96725 96731 823af0 96725->96731 96727 824d9c 96728 821038 96727->96728 96734 8251f7 22 API calls __fread_nolock 96727->96734 96730 8400a3 29 API calls __onexit 96728->96730 96730->96722 96735 823b1c 96731->96735 96734->96727 96736 823b0f 96735->96736 96737 823b29 96735->96737 96736->96727 96737->96736 96738 823b30 RegOpenKeyExW 96737->96738 96738->96736 96739 823b4a RegQueryValueExW 96738->96739 96740 823b80 RegCloseKey 96739->96740 96741 823b6b 96739->96741 96740->96736 96741->96740 96742 873f75 96753 83ceb1 96742->96753 96744 873f8b 96745 874006 96744->96745 96762 83e300 23 API calls 96744->96762 96747 82bf40 348 API calls 96745->96747 96748 874052 96747->96748 96751 874a88 96748->96751 96764 89359c 82 API calls __wsopen_s 96748->96764 96750 873fe6 96750->96748 96763 891abf 22 API calls 96750->96763 96754 83ced2 96753->96754 96755 83cebf 96753->96755 96756 83ced7 96754->96756 96757 83cf05 96754->96757 96758 82aceb 23 API calls 96755->96758 96759 83fddb 22 API calls 96756->96759 96760 82aceb 23 API calls 96757->96760 96761 83cec9 96758->96761 96759->96761 96760->96761 96761->96744 96762->96750 96763->96745 96764->96751 96765 823156 96768 823170 96765->96768 96769 823187 96768->96769 96770 8231eb 96769->96770 96771 82318c 96769->96771 96807 8231e9 96769->96807 96773 8231f1 96770->96773 96774 862dfb 96770->96774 96775 823265 PostQuitMessage 96771->96775 96776 823199 96771->96776 96772 8231d0 DefWindowProcW 96810 82316a 96772->96810 96777 8231f8 96773->96777 96778 82321d SetTimer RegisterWindowMessageW 96773->96778 96823 8218e2 10 API calls 96774->96823 96775->96810 96780 8231a4 96776->96780 96781 862e7c 96776->96781 96782 823201 KillTimer 96777->96782 96783 862d9c 96777->96783 96785 823246 CreatePopupMenu 96778->96785 
96778->96810 96786 8231ae 96780->96786 96787 862e68 96780->96787 96826 88bf30 34 API calls ___scrt_fastfail 96781->96826 96791 8230f2 Shell_NotifyIconW 96782->96791 96789 862dd7 MoveWindow 96783->96789 96790 862da1 96783->96790 96784 862e1c 96824 83e499 42 API calls 96784->96824 96785->96810 96794 862e4d 96786->96794 96795 8231b9 96786->96795 96813 88c161 96787->96813 96789->96810 96797 862dc6 SetFocus 96790->96797 96798 862da7 96790->96798 96799 823214 96791->96799 96794->96772 96825 880ad7 22 API calls 96794->96825 96800 823253 96795->96800 96805 8231c4 96795->96805 96796 862e8e 96796->96772 96796->96810 96797->96810 96801 862db0 96798->96801 96798->96805 96820 823c50 DeleteObject DestroyWindow 96799->96820 96821 82326f 44 API calls ___scrt_fastfail 96800->96821 96822 8218e2 10 API calls 96801->96822 96805->96772 96809 8230f2 Shell_NotifyIconW 96805->96809 96807->96772 96808 823263 96808->96810 96811 862e41 96809->96811 96812 823837 49 API calls 96811->96812 96812->96807 96814 88c179 ___scrt_fastfail 96813->96814 96815 88c276 96813->96815 96816 823923 24 API calls 96814->96816 96815->96810 96818 88c1a0 96816->96818 96817 88c25f KillTimer SetTimer 96817->96815 96818->96817 96819 88c251 Shell_NotifyIconW 96818->96819 96819->96817 96820->96810 96821->96808 96822->96810 96823->96784 96824->96805 96825->96807 96826->96796 96827 822e37 96828 82a961 22 API calls 96827->96828 96829 822e4d 96828->96829 96906 824ae3 96829->96906 96831 822e6b 96832 823a5a 24 API calls 96831->96832 96833 822e7f 96832->96833 96834 829cb3 22 API calls 96833->96834 96835 822e8c 96834->96835 96836 824ecb 94 API calls 96835->96836 96837 822ea5 96836->96837 96838 862cb0 96837->96838 96839 822ead 96837->96839 96840 892cf9 80 API calls 96838->96840 96920 82a8c7 22 API calls __fread_nolock 96839->96920 96841 862cc3 96840->96841 96844 824f39 68 API calls 96841->96844 96846 862ccf 96841->96846 96843 822ec3 96921 826f88 22 API calls 96843->96921 96844->96846 96848 824f39 68 API calls 96846->96848 96847 
822ecf 96850 829cb3 22 API calls 96847->96850 96849 862ce5 96848->96849 96938 823084 22 API calls 96849->96938 96851 822edc 96850->96851 96922 82a81b 41 API calls 96851->96922 96854 822eec 96856 829cb3 22 API calls 96854->96856 96855 862d02 96939 823084 22 API calls 96855->96939 96858 822f12 96856->96858 96923 82a81b 41 API calls 96858->96923 96859 862d1e 96861 823a5a 24 API calls 96859->96861 96863 862d44 96861->96863 96862 822f21 96865 82a961 22 API calls 96862->96865 96940 823084 22 API calls 96863->96940 96867 822f3f 96865->96867 96866 862d50 96941 82a8c7 22 API calls __fread_nolock 96866->96941 96924 823084 22 API calls 96867->96924 96869 862d5e 96942 823084 22 API calls 96869->96942 96872 822f4b 96925 844a28 40 API calls 3 library calls 96872->96925 96873 862d6d 96943 82a8c7 22 API calls __fread_nolock 96873->96943 96875 822f59 96875->96849 96876 822f63 96875->96876 96926 844a28 40 API calls 3 library calls 96876->96926 96879 862d83 96944 823084 22 API calls 96879->96944 96880 822f6e 96880->96855 96882 822f78 96880->96882 96927 844a28 40 API calls 3 library calls 96882->96927 96883 862d90 96885 822f83 96885->96859 96886 822f8d 96885->96886 96928 844a28 40 API calls 3 library calls 96886->96928 96888 822f98 96889 822fdc 96888->96889 96929 823084 22 API calls 96888->96929 96889->96873 96890 822fe8 96889->96890 96890->96883 96932 8263eb 22 API calls 96890->96932 96892 822fbf 96930 82a8c7 22 API calls __fread_nolock 96892->96930 96895 822ff8 96933 826a50 22 API calls 96895->96933 96896 822fcd 96931 823084 22 API calls 96896->96931 96898 823006 96934 8270b0 23 API calls 96898->96934 96903 823021 96904 823065 96903->96904 96935 826f88 22 API calls 96903->96935 96936 8270b0 23 API calls 96903->96936 96937 823084 22 API calls 96903->96937 96907 824af0 __wsopen_s 96906->96907 96908 826b57 22 API calls 96907->96908 96909 824b22 96907->96909 96908->96909 96919 824b58 96909->96919 96945 824c6d 96909->96945 96911 829cb3 22 API calls 96913 824c52 96911->96913 96912 829cb3 
22 API calls 96912->96919 96915 82515f 22 API calls 96913->96915 96914 824c6d 22 API calls 96914->96919 96916 824c5e 96915->96916 96916->96831 96917 82515f 22 API calls 96917->96919 96918 824c29 96918->96911 96918->96916 96919->96912 96919->96914 96919->96917 96919->96918 96920->96843 96921->96847 96922->96854 96923->96862 96924->96872 96925->96875 96926->96880 96927->96885 96928->96888 96929->96892 96930->96896 96931->96889 96932->96895 96933->96898 96934->96903 96935->96903 96936->96903 96937->96903 96938->96855 96939->96859 96940->96866 96941->96869 96942->96873 96943->96879 96944->96883 96946 82aec9 22 API calls 96945->96946 96947 824c78 96946->96947 96947->96909 96948 82105b 96953 82344d 96948->96953 96950 82106a 96984 8400a3 29 API calls __onexit 96950->96984 96952 821074 96954 82345d __wsopen_s 96953->96954 96955 82a961 22 API calls 96954->96955 96956 823513 96955->96956 96957 823a5a 24 API calls 96956->96957 96958 82351c 96957->96958 96985 823357 96958->96985 96961 8233c6 22 API calls 96962 823535 96961->96962 96963 82515f 22 API calls 96962->96963 96964 823544 96963->96964 96965 82a961 22 API calls 96964->96965 96966 82354d 96965->96966 96967 82a6c3 22 API calls 96966->96967 96968 823556 RegOpenKeyExW 96967->96968 96969 863176 RegQueryValueExW 96968->96969 96973 823578 96968->96973 96970 863193 96969->96970 96971 86320c RegCloseKey 96969->96971 96972 83fe0b 22 API calls 96970->96972 96971->96973 96983 86321e _wcslen 96971->96983 96974 8631ac 96972->96974 96973->96950 96975 825722 22 API calls 96974->96975 96976 8631b7 RegQueryValueExW 96975->96976 96978 8631d4 96976->96978 96980 8631ee messages 96976->96980 96977 824c6d 22 API calls 96977->96983 96979 826b57 22 API calls 96978->96979 96979->96980 96980->96971 96981 829cb3 22 API calls 96981->96983 96982 82515f 22 API calls 96982->96983 96983->96973 96983->96977 96983->96981 96983->96982 96984->96952 96986 861f50 __wsopen_s 96985->96986 96987 823364 GetFullPathNameW 96986->96987 96988 823386 96987->96988 
96989 826b57 22 API calls 96988->96989 96990 8233a4 96989->96990 96990->96961 96991 821098 96996 8242de 96991->96996 96995 8210a7 96997 82a961 22 API calls 96996->96997 96998 8242f5 GetVersionExW 96997->96998 96999 826b57 22 API calls 96998->96999 97000 824342 96999->97000 97001 8293b2 22 API calls 97000->97001 97005 824378 97000->97005 97002 82436c 97001->97002 97003 8237a0 22 API calls 97002->97003 97003->97005 97004 82441b GetCurrentProcess IsWow64Process 97006 824437 97004->97006 97005->97004 97009 8637df 97005->97009 97007 863824 GetSystemInfo 97006->97007 97008 82444f LoadLibraryA 97006->97008 97010 824460 GetProcAddress 97008->97010 97011 82449c GetSystemInfo 97008->97011 97010->97011 97013 824470 GetNativeSystemInfo 97010->97013 97012 824476 97011->97012 97014 82109d 97012->97014 97015 82447a FreeLibrary 97012->97015 97013->97012 97016 8400a3 29 API calls __onexit 97014->97016 97015->97014 97016->96995 97017 82f7bf 97018 82f7d3 97017->97018 97019 82fcb6 97017->97019 97021 82fcc2 97018->97021 97022 83fddb 22 API calls 97018->97022 97020 82aceb 23 API calls 97019->97020 97020->97021 97023 82aceb 23 API calls 97021->97023 97024 82f7e5 97022->97024 97025 82fd3d 97023->97025 97024->97021 97024->97025 97026 82f83e 97024->97026 97054 891155 22 API calls 97025->97054 97028 831310 348 API calls 97026->97028 97051 82ed9d messages 97026->97051 97049 82ec76 messages 97028->97049 97029 83fddb 22 API calls 97029->97049 97031 82fef7 97031->97051 97056 82a8c7 22 API calls __fread_nolock 97031->97056 97033 874b0b 97058 89359c 82 API calls __wsopen_s 97033->97058 97034 82a8c7 22 API calls 97034->97049 97035 874600 97035->97051 97055 82a8c7 22 API calls __fread_nolock 97035->97055 97041 840242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97041->97049 97042 82fbe3 97044 874bdc 97042->97044 97050 82f3ae messages 97042->97050 97042->97051 97043 82a961 22 API calls 97043->97049 97059 89359c 82 API calls __wsopen_s 
97044->97059 97046 8401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97046->97049 97047 874beb 97060 89359c 82 API calls __wsopen_s 97047->97060 97048 8400a3 29 API calls pre_c_initialization 97048->97049 97049->97029 97049->97031 97049->97033 97049->97034 97049->97035 97049->97041 97049->97042 97049->97043 97049->97046 97049->97047 97049->97048 97049->97050 97049->97051 97052 8301e0 348 API calls 2 library calls 97049->97052 97053 8306a0 41 API calls messages 97049->97053 97050->97051 97057 89359c 82 API calls __wsopen_s 97050->97057 97052->97049 97053->97049 97054->97051 97055->97051 97056->97051 97057->97051 97058->97051 97059->97047 97060->97051 97061 82defc 97064 821d6f 97061->97064 97063 82df07 97065 821d8c 97064->97065 97066 821f6f 348 API calls 97065->97066 97067 821da6 97066->97067 97068 862759 97067->97068 97070 821e36 97067->97070 97071 821dc2 97067->97071 97074 89359c 82 API calls __wsopen_s 97068->97074 97070->97063 97071->97070 97073 82289a 23 API calls 97071->97073 97073->97070 97074->97070 97075 8b2a55 97083 891ebc 97075->97083 97078 8b2a70 97085 8839c0 22 API calls 97078->97085 97080 8b2a7c 97086 88417d 22 API calls __fread_nolock 97080->97086 97082 8b2a87 97084 891ec3 IsWindow 97083->97084 97084->97078 97084->97082 97085->97080 97086->97082 97087 8403fb 97088 840407 ___DestructExceptionObject 97087->97088 97116 83feb1 97088->97116 97090 84040e 97091 840561 97090->97091 97094 840438 97090->97094 97146 84083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 97091->97146 97093 840568 97139 844e52 97093->97139 97104 840477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 97094->97104 97127 85247d 97094->97127 97101 840457 97103 8404d8 97135 840959 97103->97135 97104->97103 97142 844e1a 38 API calls 3 library calls 97104->97142 97107 8404de 97108 8404f3 97107->97108 97143 840992 GetModuleHandleW 97108->97143 97110 8404fa 
97110->97093 97111 8404fe 97110->97111 97112 840507 97111->97112 97144 844df5 28 API calls _abort 97111->97144 97145 840040 13 API calls 2 library calls 97112->97145 97115 84050f 97115->97101 97117 83feba 97116->97117 97148 840698 IsProcessorFeaturePresent 97117->97148 97119 83fec6 97149 842c94 10 API calls 3 library calls 97119->97149 97121 83fecb 97122 83fecf 97121->97122 97150 852317 97121->97150 97122->97090 97125 83fee6 97125->97090 97130 852494 97127->97130 97128 840a8c _ValidateLocalCookies 5 API calls 97129 840451 97128->97129 97129->97101 97131 852421 97129->97131 97130->97128 97132 852450 97131->97132 97133 840a8c _ValidateLocalCookies 5 API calls 97132->97133 97134 852479 97133->97134 97134->97104 97201 842340 97135->97201 97138 84097f 97138->97107 97203 844bcf 97139->97203 97142->97103 97143->97110 97144->97112 97145->97115 97146->97093 97148->97119 97149->97121 97154 85d1f6 97150->97154 97153 842cbd 8 API calls 3 library calls 97153->97122 97157 85d213 97154->97157 97158 85d20f 97154->97158 97156 83fed8 97156->97125 97156->97153 97157->97158 97160 854bfb 97157->97160 97172 840a8c 97158->97172 97161 854c07 ___DestructExceptionObject 97160->97161 97179 852f5e EnterCriticalSection 97161->97179 97163 854c0e 97180 8550af 97163->97180 97165 854c1d 97171 854c2c 97165->97171 97193 854a8f 29 API calls 97165->97193 97168 854c27 97194 854b45 GetStdHandle GetFileType 97168->97194 97170 854c3d __fread_nolock 97170->97157 97195 854c48 LeaveCriticalSection _abort 97171->97195 97173 840a95 97172->97173 97174 840a97 IsProcessorFeaturePresent 97172->97174 97173->97156 97176 840c5d 97174->97176 97200 840c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 97176->97200 97178 840d40 97178->97156 97179->97163 97181 8550bb ___DestructExceptionObject 97180->97181 97182 8550df 97181->97182 97183 8550c8 97181->97183 97196 852f5e EnterCriticalSection 97182->97196 97197 84f2d9 20 API calls __dosmaperr 97183->97197 97186 8550cd 97198 8527ec 
26 API calls ___std_exception_copy 97186->97198 97188 8550d7 __fread_nolock 97188->97165 97189 855117 97199 85513e LeaveCriticalSection _abort 97189->97199 97191 8550eb 97191->97189 97192 855000 __wsopen_s 21 API calls 97191->97192 97192->97191 97193->97168 97194->97171 97195->97170 97196->97191 97197->97186 97198->97188 97199->97188 97200->97178 97202 84096c GetStartupInfoW 97201->97202 97202->97138 97204 844bdb pair 97203->97204 97205 844bf4 97204->97205 97206 844be2 97204->97206 97227 852f5e EnterCriticalSection 97205->97227 97242 844d29 GetModuleHandleW 97206->97242 97209 844be7 97209->97205 97243 844d6d GetModuleHandleExW 97209->97243 97210 844c99 97231 844cd9 97210->97231 97214 844c70 97219 844c88 97214->97219 97224 852421 _abort 5 API calls 97214->97224 97216 844bfb 97216->97210 97216->97214 97228 8521a8 97216->97228 97217 844cb6 97234 844ce8 97217->97234 97218 844ce2 97251 861d29 5 API calls _ValidateLocalCookies 97218->97251 97220 852421 _abort 5 API calls 97219->97220 97220->97210 97224->97219 97227->97216 97252 851ee1 97228->97252 97271 852fa6 LeaveCriticalSection 97231->97271 97233 844cb2 97233->97217 97233->97218 97272 85360c 97234->97272 97237 844d16 97240 844d6d _abort 8 API calls 97237->97240 97238 844cf6 GetPEB 97238->97237 97239 844d06 GetCurrentProcess TerminateProcess 97238->97239 97239->97237 97241 844d1e ExitProcess 97240->97241 97242->97209 97244 844d97 GetProcAddress 97243->97244 97245 844dba 97243->97245 97246 844dac 97244->97246 97247 844dc0 FreeLibrary 97245->97247 97248 844dc9 97245->97248 97246->97245 97247->97248 97249 840a8c _ValidateLocalCookies 5 API calls 97248->97249 97250 844bf3 97249->97250 97250->97205 97255 851e90 97252->97255 97254 851f05 97254->97214 97256 851e9c ___DestructExceptionObject 97255->97256 97263 852f5e EnterCriticalSection 97256->97263 97258 851eaa 97264 851f31 97258->97264 97262 851ec8 __fread_nolock 97262->97254 97263->97258 97265 851f51 97264->97265 97266 851f59 97264->97266 97267 840a8c _ValidateLocalCookies 
5 API calls 97265->97267 97266->97265 97269 8529c8 _free 20 API calls 97266->97269 97268 851eb7 97267->97268 97270 851ed5 LeaveCriticalSection _abort 97268->97270 97269->97265 97270->97262 97271->97233 97273 853627 97272->97273 97274 853631 97272->97274 97276 840a8c _ValidateLocalCookies 5 API calls 97273->97276 97279 852fd7 5 API calls 2 library calls 97274->97279 97277 844cf2 97276->97277 97277->97237 97277->97238 97278 853648 97278->97273 97279->97278

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 389 8242de-82434d call 82a961 GetVersionExW call 826b57 394 863617-86362a 389->394 395 824353 389->395 396 86362b-86362f 394->396 397 824355-824357 395->397 398 863632-86363e 396->398 399 863631 396->399 400 863656 397->400 401 82435d-8243bc call 8293b2 call 8237a0 397->401 398->396 402 863640-863642 398->402 399->398 405 86365d-863660 400->405 417 8243c2-8243c4 401->417 418 8637df-8637e6 401->418 402->397 404 863648-86364f 402->404 404->394 408 863651 404->408 409 863666-8636a8 405->409 410 82441b-824435 GetCurrentProcess IsWow64Process 405->410 408->400 409->410 414 8636ae-8636b1 409->414 412 824437 410->412 413 824494-82449a 410->413 419 82443d-824449 412->419 413->419 415 8636b3-8636bd 414->415 416 8636db-8636e5 414->416 420 8636bf-8636c5 415->420 421 8636ca-8636d6 415->421 423 8636e7-8636f3 416->423 424 8636f8-863702 416->424 417->405 422 8243ca-8243dd 417->422 425 863806-863809 418->425 426 8637e8 418->426 427 863824-863828 GetSystemInfo 419->427 428 82444f-82445e LoadLibraryA 419->428 420->410 421->410 429 863726-86372f 422->429 430 8243e3-8243e5 422->430 423->410 432 863704-863710 424->432 433 863715-863721 424->433 434 8637f4-8637fc 425->434 435 86380b-86381a 425->435 431 8637ee 426->431 436 824460-82446e GetProcAddress 428->436 437 82449c-8244a6 GetSystemInfo 428->437 441 863731-863737 429->441 442 86373c-863748 429->442 439 8243eb-8243ee 430->439 440 86374d-863762 430->440 431->434 432->410 433->410 434->425 435->431 443 86381c-863822 435->443 436->437 444 824470-824474 GetNativeSystemInfo 436->444 438 824476-824478 437->438 449 824481-824493 438->449 450 82447a-82447b FreeLibrary 438->450 445 
8243f4-82440f 439->445 446 863791-863794 439->446 447 863764-86376a 440->447 448 86376f-86377b 440->448 441->410 442->410 443->434 444->438 452 863780-86378c 445->452 453 824415 445->453 446->410 451 86379a-8637c1 446->451 447->410 448->410 450->449 454 8637c3-8637c9 451->454 455 8637ce-8637da 451->455 452->410 453->410 454->410 455->410
APIs
• GetVersionExW.KERNEL32(?), ref: 0082430D
  • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
• GetCurrentProcess.KERNEL32(?,008BCB64,00000000,?,?), ref: 00824422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00824429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00824454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00824466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00824474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0082447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 008244A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 9b2a3f859c2f214b279cd040f01edc874c6b4b3c93779191e1fd6bbf9bfe7125
• Instruction ID: 6620439c469568b439c75b4d7b1f4b0282fbb83ed60b3ddd0331295b852431c7
• Opcode Fuzzy Hash: 9b2a3f859c2f214b279cd040f01edc874c6b4b3c93779191e1fd6bbf9bfe7125
• Instruction Fuzzy Hash: 3CA1D36690A2D4CFCF12D77DBC499B67FE4FB36304B0858A9D081D3B22D2284548CB25

Control-flow Graph (rendered graph not reproduced; block list and edge list follow)
• Blocks: 793 8242a2-8242ba CreateStreamOnHGlobal; 794 8242da-8242dd; 795 8242bc-8242d3 FindResourceExW; 796 8242d9; 797 8635ba-8635c9 LoadResource; 798 8635cf-8635dd SizeofResource; 799 8635e3-8635ee LockResource; 800 8635f4-863612
• Edges: 793->794, 793->795, 795->796, 795->797, 796->794, 797->796, 797->798, 798->796, 798->799, 799->796, 799->800, 800->796
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008250AA,?,?,00000000,00000000), ref: 008242B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008250AA,?,?,00000000,00000000), ref: 008242C9
• LoadResource.KERNEL32(?,00000000,?,?,008250AA,?,?,00000000,00000000,?,?,?,?,?,?,00824F20), ref: 008635BE
• SizeofResource.KERNEL32(?,00000000,?,?,008250AA,?,?,00000000,00000000,?,?,?,?,?,?,00824F20), ref: 008635D3
• LockResource.KERNEL32(008250AA,?,?,008250AA,?,?,00000000,00000000,?,?,?,?,?,?,00824F20,?), ref: 008635E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: e1431972354002e484e454b0b6e6ecb89822238ef1ccb7ec2f36d45b513fbda9
• Instruction ID: f1158c7458b1f8d5593d6deac3ac52fbd1b3430076c008452163a4fa26abbc11
• Opcode Fuzzy Hash: e1431972354002e484e454b0b6e6ecb89822238ef1ccb7ec2f36d45b513fbda9
• Instruction Fuzzy Hash: 36117C70240701FFDB218B66EC48F677BBAFBC5B51F104269B412D6250DBB2DC408630
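
The function above performs a fixed resource lookup: FindResourceExW with lpType 0000000A (RT_RCDATA) and lpName "SCRIPT", then LoadResource, SizeofResource and LockResource, and finally wraps the bytes in an IStream via CreateStreamOnHGlobal. An RT_RCDATA resource named SCRIPT is where compiled AutoIt stubs keep their embedded script, which is consistent with the report's "Binary is likely a compiled AutoIt script file" signature. The Python below is an added example, not code from Joe Sandbox or from the sample: it walks the PE resource tree offline (type, name, language, then the data entry) with the standard library only and returns the resource bytes, so the blob can be carved for triage without running the file. It compares names case-insensitively, as FindResourceEx does, and handles both PE32 and PE32+ data-directory layouts. `build_test_pe` is a constructed minimal PE32 used only as test input; its payload is a placeholder, not AutoIt bytecode, and the file name passed on the command line is whatever the analyst supplies.

```python
"""Added example: carve the RT_RCDATA resource named "SCRIPT" out of a PE image,
offline, with the same type -> name -> language lookup FindResourceExW performs."""
import struct
import sys

RT_RCDATA = 10           # the 0000000A passed as lpType in the report
HIGH_BIT = 0x80000000    # set on subdirectory offsets and on string-name fields
LOW_MASK = 0x7FFFFFFF


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def _entries(pe, base, dir_off):
    """Yield (name_or_id, offset) pairs of one IMAGE_RESOURCE_DIRECTORY."""
    n_named, n_id = struct.unpack_from("<HH", pe, base + dir_off + 12)
    for i in range(n_named + n_id):
        yield struct.unpack_from("<II", pe, base + dir_off + 16 + 8 * i)


def _entry_name(pe, base, field):
    """Resolve an entry name: UTF-16 IMAGE_RESOURCE_DIR_STRING_U or integer ID."""
    if field & HIGH_BIT:
        off = base + (field & LOW_MASK)
        (length,) = struct.unpack_from("<H", pe, off)
        return pe[off + 2:off + 2 + 2 * length].decode("utf-16-le")
    return field


def extract_rcdata(pe, wanted="SCRIPT"):
    """Return the bytes of the RT_RCDATA resource called `wanted`, or None."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (n_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", pe, opt)
    data_dirs = opt + {0x10B: 96, 0x20B: 112}[magic]          # PE32 / PE32+
    rsrc_rva, _rsrc_size = struct.unpack_from("<II", pe, data_dirs + 2 * 8)
    if rsrc_rva == 0:
        return None
    sec_tab = opt + opt_size
    # (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section
    sections = [struct.unpack_from("<IIII", pe, sec_tab + 40 * i + 8)
                for i in range(n_sections)]
    base = _rva_to_offset(sections, rsrc_rva)
    for type_id, type_off in _entries(pe, base, 0):             # level 1: type
        if _entry_name(pe, base, type_id) != RT_RCDATA or not type_off & HIGH_BIT:
            continue
        for name, name_off in _entries(pe, base, type_off & LOW_MASK):  # level 2: name
            label = _entry_name(pe, base, name)
            if not isinstance(label, str) or label.upper() != wanted.upper():
                continue
            if not name_off & HIGH_BIT:
                continue
            for _lang, data_off in _entries(pe, base, name_off & LOW_MASK):  # level 3
                data_rva, size = struct.unpack_from("<II", pe, base + data_off)
                start = _rva_to_offset(sections, data_rva)
                return pe[start:start + size]
    return None


def build_test_pe(script=b"constructed placeholder script blob"):
    """Constructed input (not the analysed sample): a minimal PE32 whose single
    .rsrc section holds one RT_RCDATA resource named "SCRIPT"."""
    TYPE_DIR, NAME_DIR, DATA_ENTRY, NAME_STR, DATA = 24, 48, 72, 88, 104
    rsrc = bytearray()
    rsrc += struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1)               # root: one ID entry
    rsrc += struct.pack("<II", RT_RCDATA, HIGH_BIT | TYPE_DIR)
    rsrc += struct.pack("<IIHHHH", 0, 0, 0, 0, 1, 0)               # type dir: one named entry
    rsrc += struct.pack("<II", HIGH_BIT | NAME_STR, HIGH_BIT | NAME_DIR)
    rsrc += struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1)               # name dir: one language
    rsrc += struct.pack("<II", 0x409, DATA_ENTRY)
    rsrc += struct.pack("<IIII", 0x1000 + DATA, len(script), 0, 0)  # IMAGE_RESOURCE_DATA_ENTRY
    rsrc += struct.pack("<H", 6) + "SCRIPT".encode("utf-16-le") + b"\0\0"
    assert len(rsrc) == DATA
    rsrc += script
    raw_size = (len(rsrc) + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 0, 0, 0, raw_size, 0, 0, 0, 0x1000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200,
                       6, 0, 0, 0, 6, 0, 0, 0x2000, 0x200, 0, 2, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[2] = (0x1000, len(rsrc))                                   # resource directory entry
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sec = struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), 0x1000, raw_size, 0x200,
                      0, 0, 0, 0, 0x40000040)
    return bytes((dos + coff + opt + sec).ljust(0x200, b"\0") + rsrc.ljust(raw_size, b"\0"))


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe()
    blob = extract_rcdata(image)
    print("no RT_RCDATA/SCRIPT resource" if blob is None else
          "SCRIPT resource: %d bytes, starts %r" % (len(blob), blob[:8]))
```

Run it with a file path to carve the resource from a real image, or with no argument to exercise the constructed PE. A missing SCRIPT resource returns None rather than raising, so the check can be folded into a triage script alongside the other AutoIt indicators the report lists.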

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00822B6B
  • Part of subcall function 00823A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008F1418,?,00822E7F,?,?,?,00000000), ref: 00823A78
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,008E2224), ref: 00862C10
• ShellExecuteW.SHELL32(00000000,?,?,008E2224), ref: 00862C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: b4bca730cc19354031137546d7c26c423e926df15335bf33b3870073f304a69e
• Instruction ID: 1ba7dddadfd88595670ab0137debb311553ac907de8327c6454b20e05454c5c2
• Opcode Fuzzy Hash: b4bca730cc19354031137546d7c26c423e926df15335bf33b3870073f304a69e
• Instruction Fuzzy Hash: 0211E731104365EAC704FF78F8659BE7BA5FBA5310F44042DF182D21A2CF258689C753

Control-flow Graph (rendered graph not reproduced; block list and edge list follow)
• Blocks: 1008 88d4dc-88d524 CreateToolhelp32Snapshot Process32FirstW call 88def7; 1011 88d5d2-88d5d5; 1012 88d529-88d538 Process32NextW; 1013 88d5db-88d5ea CloseHandle; 1014 88d53e-88d5ad call 82a961 * 2 call 829cb3 call 82525f call 82988f call 826350 call 83ce60; 1029 88d5af-88d5b1; 1030 88d5b7-88d5be; 1031 88d5c0-88d5cd call 82988f * 2; 1032 88d5b3-88d5b5
• Edges: 1008->1011, 1011->1012, 1011->1013, 1012->1013, 1012->1014, 1014->1029, 1014->1030, 1029->1031, 1029->1032, 1030->1031, 1031->1011, 1032->1030, 1032->1031
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0088D501
• Process32FirstW.KERNEL32(00000000,?), ref: 0088D50F
• Process32NextW.KERNEL32(00000000,?), ref: 0088D52F
• CloseHandle.KERNELBASE(00000000), ref: 0088D5DC
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: 53215a36ff350b169e6ac23ba7ef0e1cd1fd2c521960dd8528ce349bd541ff61
• Instruction ID: e7b8cb62fcd5ef9511986840314f6378a2976ffca4c7f26900a97558ebe487b2
• Opcode Fuzzy Hash: 53215a36ff350b169e6ac23ba7ef0e1cd1fd2c521960dd8528ce349bd541ff61
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D3191711083009FD304EF58D885AAFBBE8FF99354F14092DF581D61A1EB719989CB93
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00865222), ref: 0088DBCE
                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?), ref: 0088DBDD
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0088DBEE
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0088DBFA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d3fd48753d0ad175a363b3f9d9ffa7b476a610ecc70b906b2e50862a0e336b7d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3373502db5046b004fafc9f4fda3eb0c367d4649093aa582f5fd1a9eb959b1ea
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3fd48753d0ad175a363b3f9d9ffa7b476a610ecc70b906b2e50862a0e336b7d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BF06531814A14578220BB7CAD0D8AA776DFF41335B544706F876D22F0EBB05D55C7D5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(008528E9,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002,00000000,?,008528E9), ref: 00844D09
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002,00000000,?,008528E9), ref: 00844D10
                                                                                                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00844D22
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6f848377bae4835d1f38fdb07eae0f3c0737fee0e968780550e56d9cfceefa04
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 96a3b89e7aff149f69637cb5ae19bda256f5516ccf0ae8ab225dfe92c8c1d2f6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f848377bae4835d1f38fdb07eae0f3c0737fee0e968780550e56d9cfceefa04
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23E0B631400148ABCF11AF58DD09B583BA9FB45781B504118FC16DA222CB35DD42DA80
Control-flow Graph
• [Graph image and node/edge listing omitted: basic blocks 8aaff9-8ab4f6, executed and not-executed paths, with calls to GetSystemDirectoryW, GetCurrentDirectoryW, CreateProcessW, GetLastError and CloseHandle]
APIs
• _wcslen.LIBCMT ref: 008AB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 008AB1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 008AB1D4
• _wcslen.LIBCMT ref: 008AB200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 008AB214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 008AB236
• _wcslen.LIBCMT ref: 008AB332
  • Part of subcall function 008905A7: GetStdHandle.KERNEL32(000000F6), ref: 008905C6
• _wcslen.LIBCMT ref: 008AB34B
• _wcslen.LIBCMT ref: 008AB366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008AB3B6
• GetLastError.KERNEL32(00000000), ref: 008AB407
• CloseHandle.KERNEL32(?), ref: 008AB439
• CloseHandle.KERNEL32(00000000), ref: 008AB44A
• CloseHandle.KERNEL32(00000000), ref: 008AB45C
• CloseHandle.KERNEL32(00000000), ref: 008AB46E
• CloseHandle.KERNEL32(?), ref: 008AB4E3
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 539a7e1796d334693aed77edd4b5af8e4eedcdb9742cb33b8db2ea19650c636a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 395e69764b5b5e5b084c35b6bdcb7e3c48d770246e33fec36ef6fb9a77184055
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 539a7e1796d334693aed77edd4b5af8e4eedcdb9742cb33b8db2ea19650c636a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0F179315082509FDB14EF28D891B6ABBE5FF86314F14855DF899DB2A2DB31EC40CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 0082D807
                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 0082DA07
                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0082DB28
                                                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 0082DB7B
                                                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 0082DB89
                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0082DB9F
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(0000000A), ref: 0082DBB1
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: be6154ccd08079d26815721a7e1c8c611c9969b29c73dcd145835a480361d4c3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b5daea1bb536b69c069c85b9481cc6ec3f4b2793f21122b5e68994ecdf7907e6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: be6154ccd08079d26815721a7e1c8c611c9969b29c73dcd145835a480361d4c3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5642BF70608355DFDB25CB28D858FAABBE0FF85314F148659F49AC7291D770E884CB92

Control-flow Graph
APIs
• GetSysColorBrush.USER32(0000000F), ref: 00822D07
• RegisterClassExW.USER32(00000030), ref: 00822D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00822D42
• InitCommonControlsEx.COMCTL32(?), ref: 00822D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00822D6F
• LoadIconW.USER32(000000A9), ref: 00822D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00822D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$P.$TaskbarCreated
• API String ID: 2914291525-331932848
• Opcode ID: ed0eaa7039de4a5a4b80a906f7bf2ffd7942d1d9305c984ad0d30f70ab7d7687
• Instruction ID: c72852e267be9722d8993afdbd51b3ca378013826157509554c4db8a1ec42a5d
• Opcode Fuzzy Hash: ed0eaa7039de4a5a4b80a906f7bf2ffd7942d1d9305c984ad0d30f70ab7d7687
• Instruction Fuzzy Hash: FB21C3B5A51218EFDF00DFA4E889BEDBFB4FB08700F10821AF651A62A0D7B54545CF95

Control-flow Graph
control_flow_graph 457 86065b-86068b call 86042f 460 8606a6-8606b2 call 855221 457->460 461 86068d-860698 call 84f2c6 457->461 466 8606b4-8606c9 call 84f2c6 call 84f2d9 460->466 467 8606cb-860714 call 86039a 460->467 468 86069a-8606a1 call 84f2d9 461->468 466->468 477 860716-86071f 467->477 478 860781-86078a GetFileType 467->478 475 86097d-860983 468->475 482 860756-86077c GetLastError call 84f2a3 477->482 483 860721-860725 477->483 479 8607d3-8607d6 478->479 480 86078c-8607bd GetLastError call 84f2a3 CloseHandle 478->480 486 8607df-8607e5 479->486 487 8607d8-8607dd 479->487 480->468 494 8607c3-8607ce call 84f2d9 480->494 482->468 483->482 488 860727-860754 call 86039a 483->488 491 8607e9-860837 call 85516a 486->491 492 8607e7 486->492 487->491 488->478 488->482 499 860847-86086b call 86014d 491->499 500 860839-860845 call 8605ab 491->500 492->491 494->468 507 86087e-8608c1 499->507 508 86086d 499->508 500->499 506 86086f-860879 call 8586ae 500->506 506->475 510 8608e2-8608f0 507->510 511 8608c3-8608c7 507->511 508->506 514 8608f6-8608fa 510->514 515 86097b 510->515 511->510 513 8608c9-8608dd 511->513 513->510 514->515 516 8608fc-86092f CloseHandle call 86039a 514->516 515->475 519 860963-860977 516->519 520 860931-86095d GetLastError call 84f2a3 call 855333 516->520 519->515 520->519
APIs
• Part of subcall function 0086039A: CreateFileW.KERNELBASE(00000000,00000000,?,00860704,?,?,00000000,?,00860704,00000000,0000000C), ref: 008603B7
• GetLastError.KERNEL32 ref: 0086076F
• __dosmaperr.LIBCMT ref: 00860776
• GetFileType.KERNELBASE(00000000), ref: 00860782
• GetLastError.KERNEL32 ref: 0086078C
• __dosmaperr.LIBCMT ref: 00860795
• CloseHandle.KERNEL32(00000000), ref: 008607B5
• CloseHandle.KERNEL32(?), ref: 008608FF
• GetLastError.KERNEL32 ref: 00860931
                                                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00860938
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                                                                            • String ID: H
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 95eb76e747f68630acf7f1690be6d65eca18fa84f74717c620a64b46480d6f97
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 61f428b5451ac430654690734f609ab88f273bcc7ab2c4caf87ee47d67347db6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95eb76e747f68630acf7f1690be6d65eca18fa84f74717c620a64b46480d6f97
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BEA10132A142188FDF19AF68D851BAE7BA0FB06324F15015DF815EB3D2DB319912CF96

Control-flow Graph

APIs
  • Part of subcall function 00823A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008F1418,?,00822E7F,?,?,?,00000000), ref: 00823A78
  • Part of subcall function 00823357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00823379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0082356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0086318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008631CE
• RegCloseKey.ADVAPI32(?), ref: 00863210
• _wcslen.LIBCMT ref: 00863277
• _wcslen.LIBCMT ref: 00863286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 81a1d6538d434d68f57146e32d8c519c81504e444ec05f0fecb510c793be9659
• Instruction ID: 223638152e5fbd8b9323ac226d0534c0713903f44a28e9409a48c2f0fb04909d
• Opcode Fuzzy Hash: 81a1d6538d434d68f57146e32d8c519c81504e444ec05f0fecb510c793be9659
• Instruction Fuzzy Hash: 8F7149B14043159EC314EF69EC91DABBBE8FF95740F40092EF585C6271EB349A88CB62

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00822B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00822B9D
• LoadIconW.USER32(00000063), ref: 00822BB3
• LoadIconW.USER32(000000A4), ref: 00822BC5
• LoadIconW.USER32(000000A2), ref: 00822BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00822BEF
• RegisterClassExW.USER32(?), ref: 00822C40
  • Part of subcall function 00822CD4: GetSysColorBrush.USER32(0000000F), ref: 00822D07
  • Part of subcall function 00822CD4: RegisterClassExW.USER32(00000030), ref: 00822D31
  • Part of subcall function 00822CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00822D42
  • Part of subcall function 00822CD4: InitCommonControlsEx.COMCTL32(?), ref: 00822D5F
  • Part of subcall function 00822CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00822D6F
  • Part of subcall function 00822CD4: LoadIconW.USER32(000000A9), ref: 00822D85
  • Part of subcall function 00822CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00822D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9a549cde33834bcfb7512c5b301ef19107153687724b8be293e64062a1dd2c83
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 335ec54c59725a0ef6c53703b3cb40a0102ad345dcae5da3dac51fcb241adac1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a549cde33834bcfb7512c5b301ef19107153687724b8be293e64062a1dd2c83
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85211870E40319EBDF109FAAEC59EAA7FB4FB48B50F00411AF600A67A0D7B90544CF94

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0082316A,?,?), ref: 008231D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0082316A,?,?), ref: 00823204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00823227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0082316A,?,?), ref: 00823232
• CreatePopupMenu.USER32 ref: 00823246
• PostQuitMessage.USER32(00000000), ref: 00823267
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: d1b2773aaf9b25e53235b0bdad6eeb5d4c948a93cd6520b667ef9fb4dc92cb69
• Instruction ID: 581a51043ed5ae02d37b24a7bf741f76d267f2fe25209654549e9b6d06c7e0ba
• Opcode Fuzzy Hash: d1b2773aaf9b25e53235b0bdad6eeb5d4c948a93cd6520b667ef9fb4dc92cb69
• Instruction Fuzzy Hash: 8D410431200228E7DF151B7CAC2DF793A69FB05345F540125F642D62A2DB6ADA80D7A6

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00821459
• CoUninitialize.COMBASE ref: 008214F8
• UnregisterHotKey.USER32(?), ref: 008216DD
• DestroyWindow.USER32(?), ref: 008624B9
• FreeLibrary.KERNEL32(?), ref: 0086251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0086254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: cbf7c48e542ba32928a4f4465a587a95f35d2df83733fb689681223dd8112d72
• Instruction ID: 04779fb5bd27c85556a9623cc4f5246788d3f85f060180c9b869ad535e49d5c2
• Opcode Fuzzy Hash: cbf7c48e542ba32928a4f4465a587a95f35d2df83733fb689681223dd8112d72
• Instruction Fuzzy Hash: 47D18E31701222CFDB29EF18D499A29F7A0FF55710F2542ADE54AEB252DB30AC52CF91

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00822C91
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00822CB2
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00821CAD,?), ref: 00822CC6
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00821CAD,?), ref: 00822CCF
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 31a35f7c24a1f856a0a57736f137a8a71e1b5699767547a6640be651b2a84916
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 70ad7c9bf7791a212160772969069439f8fa7917ff4165f6e324b7ac6281e038
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31a35f7c24a1f856a0a57736f137a8a71e1b5699767547a6640be651b2a84916
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86F0DA76540290BAEB311727AC0CEB72EBDF7C7F60B10005AF900A67A0C6691854DAB4

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00821BF4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00821BFC
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00821C07
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00821C12
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00821C1A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00821BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00821C22
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00821B4A: RegisterWindowMessageW.USER32(00000004,?,008212C4), ref: 00821BA2
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0082136A
                                                                                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32 ref: 00821388
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 008624AB
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: X$:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1986988660-3078242110
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 781bbbf3a070bfd0550d82f3867d373aac9b8a125814bd2685e1acdd5385fee8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 64ebfe2b15f0e5166c936f46ab28bd41d0db486434c3a3624dcd607c2fb9c4f3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 781bbbf3a070bfd0550d82f3867d373aac9b8a125814bd2685e1acdd5385fee8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD71CEB4911204CFCF84EFBAA94DA753AE1FBAC784754823AD11AC7361EB304448CF55

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 997 823b1c-823b27 998 823b99-823b9b 997->998 999 823b29-823b2e 997->999 1000 823b8c-823b8f 998->1000 999->998 1001 823b30-823b48 RegOpenKeyExW 999->1001 1001->998 1002 823b4a-823b69 RegQueryValueExW 1001->1002 1003 823b80-823b8b RegCloseKey 1002->1003 1004 823b6b-823b76 1002->1004 1003->1000 1005 823b90-823b97 1004->1005 1006 823b78-823b7a 1004->1006 1007 823b7e 1005->1007 1006->1007 1007->1003
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00823B0F,SwapMouseButtons,00000004,?), ref: 00823B40
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00823B0F,SwapMouseButtons,00000004,?), ref: 00823B61
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00823B0F,SwapMouseButtons,00000004,?), ref: 00823B83
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 37f244bbddf17368a0d756e809f87ae40d544ee79b194411139e7fa122f3ac73
• Instruction ID: 82bbaf824d0c44d7d6c1a6dd89f0fe7d4407c154ca53852882964ef984317beb
• Opcode Fuzzy Hash: 37f244bbddf17368a0d756e809f87ae40d544ee79b194411139e7fa122f3ac73
• Instruction Fuzzy Hash: 01112AB5511218FFDB208FA5EC54AAFB7B8FF04754B104559B805D7110D2359E819B60
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008633A2
  • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00823A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 3a968492a226005cdf395c338c3a8e8c3903c7092b28dfca2f1a152462e8c3f7
• Instruction ID: 596d2b3cdbf66a18156418108fb8acf0c4599adf0bcdb1f4a862f67da3bc995e
• Opcode Fuzzy Hash: 3a968492a226005cdf395c338c3a8e8c3903c7092b28dfca2f1a152462e8c3f7
• Instruction Fuzzy Hash: 4331B271508324ABC725EB24EC59FEBB7D8FB45714F00492AF599C2291EB789688C7C3
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00840668
  • Part of subcall function 008432A4: RaiseException.KERNEL32(?,?,?,0084068A,?,008F1444,?,?,?,?,?,?,0084068A,00821129,008E8738,00821129), ref: 00843304
• __CxxThrowException@8.LIBVCRUNTIME ref: 00840685
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 85c4f5970ff0b030c451f164b11e059a3f8e8730a5d44c9f50154f820d03c114
• Instruction ID: 2596e75444e88dd7f38db77f9e7b11eb5795fdca16795e3ec50fb42e74ae3ea4
• Opcode Fuzzy Hash: 85c4f5970ff0b030c451f164b11e059a3f8e8730a5d44c9f50154f820d03c114
• Instruction Fuzzy Hash: 91F0C83490030DB78B00B6A8DC4AC9E776CFE50314B604531BA25D5592EF71DA15CDC2
APIs
  • Part of subcall function 00823923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00823A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0088C259
• KillTimer.USER32(?,00000001,?,?), ref: 0088C261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0088C270
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 11a3c4321ca4306c89b34ed3f21bf34c66b7d82d455e91e589284d71cbf01952
• Instruction ID: 520c36f6b1397c61f4066ecbea653f3d1a49c2cff4cf2aeddeab5a5dec034d7e
• Opcode Fuzzy Hash: 11a3c4321ca4306c89b34ed3f21bf34c66b7d82d455e91e589284d71cbf01952
• Instruction Fuzzy Hash: 43318470904354AFEB629F748895BE7BBECFB06308F00049AD59AD7285C7745A84CB61
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,008585CC,?,008E8CC8,0000000C), ref: 00858704
• GetLastError.KERNEL32(?,008585CC,?,008E8CC8,0000000C), ref: 0085870E
• __dosmaperr.LIBCMT ref: 00858739
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c6eefef8e4ec87feabc05ad63e1b0e699527d2ec39123ad08b3c8e53d8733ba5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b97b34c023b47698c8155aa9cf412030889fe5194e43e7580360d33b06076ccb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6eefef8e4ec87feabc05ad63e1b0e699527d2ec39123ad08b3c8e53d8733ba5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E014C326052209BD76062385859B7F6B85FB96776F25011AEC08EB2D2DEA08C898151
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 0082DB7B
                                                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 0082DB89
                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0082DB9F
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(0000000A), ref: 0082DBB1
                                                                                                                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,?,?), ref: 00871CC9
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2a8132c148f47fffa8fa149183a91d414b48964556b7c1b2e353bf20aed485e0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 390a12e89b02de7b90914040f9491f830ab796730d0f6d622accf9fed2cdaa4e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a8132c148f47fffa8fa149183a91d414b48964556b7c1b2e353bf20aed485e0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5F0FE306543459BEB30CBB59C5DFEA77A8FB85350F104A29E65AC34D0DB30A488DB25
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 008317F6
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                            • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0a0f1384b4447633a9df5acfd9ea75a79fcccaccd62745389fc38bab08386783
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ebf5a7f10f34b0b620825f8820035120bcc4af119598d361bb2fe3a0968a7720
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a0f1384b4447633a9df5acfd9ea75a79fcccaccd62745389fc38bab08386783
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80226B706082059FCB14DF18C488A2ABBE1FFC9714F18892DF59ACB362D771E855CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00862C8C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00823AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00823A97,?,?,00822E7F,?,?,?,00000000), ref: 00823AC2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00822DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00822DC4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode ID: 5cb02db1bfdaed7f001a86141d3eb72d78e8aedf63680530cc3d8d86d0db0528
• Instruction ID: 83f1dbeef365533db76d8a93c24a3b58f2a43b6709e62ca1db117b1699354564
• Opcode Fuzzy Hash: 5cb02db1bfdaed7f001a86141d3eb72d78e8aedf63680530cc3d8d86d0db0528
• Instruction Fuzzy Hash: 8D219671A002AC9FCB01EF98D845BEE7BF8FF59314F004059E505E7241EBB856898FA1
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00823908
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 6f6ddca7b566a7b5d4f5639db04161a83f8e16c61727dc6e9275ce853d2e32a5
• Instruction ID: 5bfaa5c92775a2fc03c6db9be2278732c64dd1363fa3fb1d658bb7ccc3c0429c
• Opcode Fuzzy Hash: 6f6ddca7b566a7b5d4f5639db04161a83f8e16c61727dc6e9275ce853d2e32a5
• Instruction Fuzzy Hash: 5D315A70604311DFD721DF24E894BA6BBE8FB49708F00092EF99AC7350E775AA84CB52
APIs
• timeGetTime.WINMM ref: 0083F661
  • Part of subcall function 0082D730: GetInputState.USER32 ref: 0082D807
• Sleep.KERNEL32(00000000), ref: 0087F2DE
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: 3cdbfbd2a6dbb4cdca34d793e54449065f5e31b700fb1668b6ea98733f847e6d
• Instruction ID: 00f8025d7f86d21c420f3eff0268be0e5f3cc054e837de48aee05cfbaccdf7a0
• Opcode Fuzzy Hash: 3cdbfbd2a6dbb4cdca34d793e54449065f5e31b700fb1668b6ea98733f847e6d
• Instruction Fuzzy Hash: 7BF08C31240615AFD310EF69E549B6ABBE8FF45760F00412AE859CB261DB70A840CB91
APIs
  • Part of subcall function 00824E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E9C
  • Part of subcall function 00824E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00824EAE
  • Part of subcall function 00824E90: FreeLibrary.KERNEL32(00000000,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824EFD
  • Part of subcall function 00824E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00863CDE,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E62
  • Part of subcall function 00824E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00824E74
  • Part of subcall function 00824E59: FreeLibrary.KERNEL32(00000000,?,?,00863CDE,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E87
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: bdd6f7abd30d0683c8c801c35153d09ed9f7322a7bcb16e8c79ad31f0f364d7c
• Instruction ID: f8bca9ad3fa220a00fc014de57b128d3f0d1fe6d3a19f3ffde79669255b6d09e
• Opcode Fuzzy Hash: bdd6f7abd30d0683c8c801c35153d09ed9f7322a7bcb16e8c79ad31f0f364d7c
• Instruction Fuzzy Hash: C111E731610225AADF14BB68ED02FAD77A5FF90710F10442DF542E61C1DE749E859B61
APIs
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: 96f565b54689ee2ec9bcada9b147a56af82ff1fd039c72d12264c2f92b31df6a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: aa336161d7b37ca416f3ad8b013694b46bdb9b8ff90fc1d181c67c705d614f6a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96f565b54689ee2ec9bcada9b147a56af82ff1fd039c72d12264c2f92b31df6a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C11257190410AAFCB05DF58E94099A7BF9FF48314F10405AFC09EB312DA30DA158BA9
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00854C7D: RtlAllocateHeap.NTDLL(00000008,00821129,00000000,?,00852E29,00000001,00000364,?,?,?,0084F2DE,00853863,008F1444,?,0083FDF5,?), ref: 00854CBE
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085506C
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 02166d220723790b4dbe42c3ec2211e2a3df9bcf8ce3c2be2357dc6b5a8019bc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA014E72204B045BE331CF59D841A5AFBECFB85371F65051DE984D32C0EA306809C774
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1244d36ab5ae52e505c077b411d172770f18427aec3a916dc0092073a6fd3bb3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16F0D132510A1C96C7313A7D9C05B5A379CFF62336F110715F825E22D2DA749809C6A6
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,00821129,00000000,?,00852E29,00000001,00000364,?,?,?,0084F2DE,00853863,008F1444,?,0083FDF5,?), ref: 00854CBE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 652be83ae9318eb8851b165549e0f5f818374dfa6d387d8f87a54e55150fb866
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: be0b0ad43b7253c4c45d195da51118770892b5a248bdaae436586aca8022e172
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 652be83ae9318eb8851b165549e0f5f818374dfa6d387d8f87a54e55150fb866
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80F0E931602238A7DB215F769C09F5A3B88FFC17BAB146115BC15E7281CEB1DC4886E1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 449c898ab95255bde88a3de7302a4abeeda63a52249d0046d8a6290c013dd537
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ede5bc5cd6d5a0ad9dde0daab235c4bda22375029158486ae8798a56b6fc5631
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 449c898ab95255bde88a3de7302a4abeeda63a52249d0046d8a6290c013dd537
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54E0E531100228A7D635267A9C04B9A3748FB427F7F050131BC14E3581CB91DE0581E1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824F6D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 30f78501b81361d2979662facaddb8e711cb1daff2ddc3c08cd246d114cf9f6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a299dba27f7e9aa2336528dd6b919146f662e420374c4b7a773b17f6c88ad713
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30f78501b81361d2979662facaddb8e711cb1daff2ddc3c08cd246d114cf9f6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29F03971105762CFDB349F64E590822BBE4FF543293209A7EE2EAD2621CB319884DF20
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 008B2A66
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9d65ca015f839da5026212db0cc0c6e3f86fac75a0e312f1d59d78ea1472c4ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ea4e2f18ce2845425a99261563b762b4157ef63d1bf5e754287beb8ebf082a4a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d65ca015f839da5026212db0cc0c6e3f86fac75a0e312f1d59d78ea1472c4ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1E04F3635412AAACB24FA34DC849FE7B5CFB51395710563AEC26C2240DB30999586A0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0082314E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1a8351bb310fdf01cc4fcc5c87bb559b7823877b57c385fb8d34b14976a94836
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: eec65f5a91d228c924521b69b64fadbfe9d631959d9d573db0accb53f199e209
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a8351bb310fdf01cc4fcc5c87bb559b7823877b57c385fb8d34b14976a94836
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53F037709143189FEB529F24DC4ABE57BBCB701708F0001E5A548D6292D7745B88CF51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00822DC4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
APIs
  • Part of subcall function 00823837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00823908
  • Part of subcall function 0082D730: GetInputState.USER32 ref: 0082D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00822B6B
  • Part of subcall function 008230F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0082314E
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,00860704,?,?,00000000,?,00860704,00000000,0000000C), ref: 008603B7
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00821CBC
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
APIs
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 008B961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008B965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 008B969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008B96C9
• SendMessageW.USER32 ref: 008B96F2
• GetKeyState.USER32(00000011), ref: 008B978B
• GetKeyState.USER32(00000009), ref: 008B9798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008B97AE
• GetKeyState.USER32(00000010), ref: 008B97B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008B97E9
• SendMessageW.USER32 ref: 008B9810
• SendMessageW.USER32(?,00001030,?,008B7E95), ref: 008B9918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 008B992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 008B9941
                                                                                                                                                                                                                                                                                                                                                            • SetCapture.USER32(?), ref: 008B994A
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 008B99AF
                                                                                                                                                                                                                                                                                                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008B99BC
                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008B99D6
                                                                                                                                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 008B99E1
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 008B9A19
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 008B9A26
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 008B9A80
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 008B9AAE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 008B9AEB
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 008B9B1A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 008B9B3B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 008B9B4A
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 008B9B68
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 008B9B75
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 008B9B93
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 008B9BFA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 008B9C2B
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 008B9C84
                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 008B9CB4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 008B9CDE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 008B9D01
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 008B9D4E
                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 008B9D82
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 008B9E05
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGID$F$pJ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3429851547-1614494221
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0a3dc0521282a3d6aacb33e74fea2e221c52b9255083eaa34ee36267bb7be0ac
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4e5113976c54c70f08a22cc5ac6adeaf7ab998006b56933dc315c66c982586aa
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a3dc0521282a3d6aacb33e74fea2e221c52b9255083eaa34ee36267bb7be0ac
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3426934204251AFDB24CF68CC48EAABBE5FF5A314F144619F699C73A1E771A850CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 008B48F3
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 008B4908
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 008B4927
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 008B494B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 008B495C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 008B497B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 008B49AE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 008B49D4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 008B4A0F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 008B4A56
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 008B4A7E
                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 008B4A97
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008B4AF2
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008B4B20
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 008B4B94
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 008B4BE3
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 008B4C82
                                                                                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 008B4CAE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 008B4CC9
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 008B4CF1
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 008B4D13
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 008B4D33
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 008B4D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d$pJ
• API String ID: 4054740463-3560901474
• Opcode ID: c985385795613e4bb1c21376642e5a868d208942de8b02414380377495f9954c
• Instruction ID: 3b3ea949df800d3105a5714dff7b426e4d977e2f1e721800dbabaa0c008b754c
• Opcode Fuzzy Hash: c985385795613e4bb1c21376642e5a868d208942de8b02414380377495f9954c
• Instruction Fuzzy Hash: D212AD71600218ABEB258F28CC4AFEE7BB8FF45714F145229F516EB3A2DB749941CB50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0083F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0087F474
• IsIconic.USER32(00000000), ref: 0087F47D
• ShowWindow.USER32(00000000,00000009), ref: 0087F48A
• SetForegroundWindow.USER32(00000000), ref: 0087F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0087F4AA
• GetCurrentThreadId.KERNEL32 ref: 0087F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0087F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0087F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0087F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0087F4DE
• SetForegroundWindow.USER32(00000000), ref: 0087F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0087F4F6
• keybd_event.USER32(00000012,00000000), ref: 0087F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0087F50B
• keybd_event.USER32(00000012,00000000), ref: 0087F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0087F519
• keybd_event.USER32(00000012,00000000), ref: 0087F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0087F528
• keybd_event.USER32(00000012,00000000), ref: 0087F52D
• SetForegroundWindow.USER32(00000000), ref: 0087F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0087F557
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: a97e884daa9662ece3f0805210f1172bfb82c32e7c0d24e9fa7bab8eff367538
• Instruction ID: 1da6e9908919e995b36a0dba99394482292bbd4c1c318fd67631d38d43497f91
• Opcode Fuzzy Hash: a97e884daa9662ece3f0805210f1172bfb82c32e7c0d24e9fa7bab8eff367538
• Instruction Fuzzy Hash: 90317471A40218BBEB206FB69C4AFBF7F6CFB45B50F104165FB05E61D1C6B19D00AAA0
APIs
  • Part of subcall function 008816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0088170D
  • Part of subcall function 008816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0088173A
  • Part of subcall function 008816C3: GetLastError.KERNEL32 ref: 0088174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00881286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008812A8
• CloseHandle.KERNEL32(?), ref: 008812B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008812D1
• GetProcessWindowStation.USER32 ref: 008812EA
• SetProcessWindowStation.USER32(00000000), ref: 008812F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00881310
  • Part of subcall function 008810BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008811FC), ref: 008810D4
  • Part of subcall function 008810BF: CloseHandle.KERNEL32(?,?,008811FC), ref: 008810E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
• Opcode ID: 92b0042e2611a9f8a64a3ecf9870843a03f84df671d279ce244ddf2394522414
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 385a4451fa391cffeb13ac6ad5cdc71fe10c041451588daf4e1cdfebe5362f92
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92b0042e2611a9f8a64a3ecf9870843a03f84df671d279ce244ddf2394522414
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED818D71900209ABDF21AFA8DC49FEE7BBEFF04704F144129F911E62A0DB359946CB65
APIs
  • Part of subcall function 008810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00881114
  • Part of subcall function 008810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881120
  • Part of subcall function 008810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 0088112F
  • Part of subcall function 008810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881136
  • Part of subcall function 008810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0088114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00880BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00880C00
• GetLengthSid.ADVAPI32(?), ref: 00880C17
• GetAce.ADVAPI32(?,00000000,?), ref: 00880C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00880C6D
• GetLengthSid.ADVAPI32(?), ref: 00880C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00880C8C
• HeapAlloc.KERNEL32(00000000), ref: 00880C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00880CB4
• CopySid.ADVAPI32(00000000), ref: 00880CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00880CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00880D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00880D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880D45
• HeapFree.KERNEL32(00000000), ref: 00880D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880D55
• HeapFree.KERNEL32(00000000), ref: 00880D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880D65
• HeapFree.KERNEL32(00000000), ref: 00880D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00880D78
• HeapFree.KERNEL32(00000000), ref: 00880D7F
  • Part of subcall function 00881193: GetProcessHeap.KERNEL32(00000008,00880BB1,?,00000000,?,00880BB1,?), ref: 008811A1
  • Part of subcall function 00881193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00880BB1,?), ref: 008811A8
  • Part of subcall function 00881193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00880BB1,?), ref: 008811B7
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 101483eaeacb677bc808aa82dc23880dea0d8eb53cc9acbaaf6a601e253f09f5
• Instruction ID: 76649905093c2d05268161b6cdf21d672f55b3432b01acf2f5a3e3926e694330
• Opcode Fuzzy Hash: 101483eaeacb677bc808aa82dc23880dea0d8eb53cc9acbaaf6a601e253f09f5
• Instruction Fuzzy Hash: B7715A7290020AAFEF50EFA4DC48BAEBBB9FF04300F144615E914E7191D775A909CF60
APIs
• OpenClipboard.USER32(008BCC08), ref: 0089EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0089EB37
• GetClipboardData.USER32(0000000D), ref: 0089EB43
• CloseClipboard.USER32 ref: 0089EB4F
• GlobalLock.KERNEL32(00000000), ref: 0089EB87
• CloseClipboard.USER32 ref: 0089EB91
• GlobalUnlock.KERNEL32(00000000), ref: 0089EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 0089EBC9
• GetClipboardData.USER32(00000001), ref: 0089EBD1
• GlobalLock.KERNEL32(00000000), ref: 0089EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 0089EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 0089EC38
• GetClipboardData.USER32(0000000F), ref: 0089EC44
• GlobalLock.KERNEL32(00000000), ref: 0089EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0089EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0089EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0089ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0089ECF3
• CountClipboardFormats.USER32 ref: 0089ED14
• CloseClipboard.USER32 ref: 0089ED59
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9167f6fb75c1da7e4e8ae60a1d939f78fd0983ddf6cf4c5992625dc64d1fa2b8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ca9cc4fad58a85c9f211bdf5ca0a6158a22f78a424363adec36988857cc9ddfa
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9167f6fb75c1da7e4e8ae60a1d939f78fd0983ddf6cf4c5992625dc64d1fa2b8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF61D034204206AFDB10EF28D889F2A7BA4FF85714F18461DF496D72A2DB31DD45CB62
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 008969BE
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00896A12
                                                                                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00896A4E
                                                                                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00896A75
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00896AB2
                                                                                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00896ADF
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6332b3cd921094faa049cdc90aab302c2201a2ac293475dbd35213dcceb523e1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4940ea6ed802f6247f7bf641e16c8c194eec9f3c4372e37fe0fa4b8dd4123f17
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6332b3cd921094faa049cdc90aab302c2201a2ac293475dbd35213dcceb523e1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26D14DB2508350AFC710EBA4D991EAFB7E8FF88704F444919F585C6191EB74DA48CBA3
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00899663
                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 008996A1
                                                                                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 008996BB
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 008996D3
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 008996DE
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 008996FA
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0089974A
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(008E6B7C), ref: 00899768
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00899772
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0089977F
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0089978F
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2014752018844aa74a0073bc4c93e2256e8977af82c978905c43bd50c17c9e6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 34a4b57bd3cc5330bec5a4cfbb26915297902e7bc70e59770fdd9a2b2f84abfe
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2014752018844aa74a0073bc4c93e2256e8977af82c978905c43bd50c17c9e6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E131C2325012197FDF14AFF9DC48ADE77ACFF49320F18425AF855E21A0EB75D9448A20
                                                                                                                                                                                                                                                                                                                                                            APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 008997BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00899819
• FindClose.KERNEL32(00000000), ref: 00899824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00899840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00899890
• SetCurrentDirectoryW.KERNEL32(008E6B7C), ref: 008998AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008998B8
• FindClose.KERNEL32(00000000), ref: 008998C5
• FindClose.KERNEL32(00000000), ref: 008998D5
  • Part of subcall function 0088DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0088DB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 275f7243ffb144b0537ed7b2d36fbce0de94a86c8179c6003239e41f8eb5aeb0
• Instruction ID: c04d9f24304a520a394a41e1d7f90d0bc1d7af06fb1221c22d4e881ceb03f868
• Opcode Fuzzy Hash: 275f7243ffb144b0537ed7b2d36fbce0de94a86c8179c6003239e41f8eb5aeb0
• Instruction Fuzzy Hash: 4131A53150061D6BDF10BFB9DC48ADE77ACFF4A320F18416EE894F21A1EB75D9448A60
APIs
  • Part of subcall function 008AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008AB6AE,?,?), ref: 008AC9B5
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008AC9F1
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA68
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008ABF3E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 008ABFA9
• RegCloseKey.ADVAPI32(00000000), ref: 008ABFCD
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 008AC02C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 008AC0E7
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 008AC154
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 008AC1E9
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 008AC23A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 008AC2E3
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 008AC382
• RegCloseKey.ADVAPI32(00000000), ref: 008AC38F
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
• Opcode ID: 5378104b26b038f651f436b3ae53130471b86df83dd7dfd3ea6f52f088534e48
• Instruction ID: 4394977d940e58a3f65d951f374bfc9191d9a5bcfa518430fb7cc59ca141e5d1
• Opcode Fuzzy Hash: 5378104b26b038f651f436b3ae53130471b86df83dd7dfd3ea6f52f088534e48
• Instruction Fuzzy Hash: 17022D716042009FD714DF28C895E2ABBE5FF89318F18849DF84ADB6A2DB31ED45CB52
APIs
• GetLocalTime.KERNEL32(?), ref: 00898257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00898267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00898273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00898310
• SetCurrentDirectoryW.KERNEL32(?), ref: 00898324
• SetCurrentDirectoryW.KERNEL32(?), ref: 00898356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0089838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00898395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: a2a4fc1bb600e5d78378da9dbced25b4fc1e475e84e44f9af2f8701e4be89f71
• Instruction ID: 3b8fd7dd40577fc91c7f8f3f837e6ac0cdea42a19ffea6c23931e7b39e6ccdb7
• Opcode Fuzzy Hash: a2a4fc1bb600e5d78378da9dbced25b4fc1e475e84e44f9af2f8701e4be89f71
• Instruction Fuzzy Hash: 89616B725043169FCB10EF64D8449AEB3E8FF89314F08892EF999D7251DB31E945CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00823AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00823A97,?,?,00822E7F,?,?,?,00000000), ref: 00823AC2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0088E199: GetFileAttributesW.KERNEL32(?,0088CF95), ref: 0088E19A
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0088D122
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0088D1DD
                                                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0088D1F0
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0088D20D
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0088D237
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0088D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0088D21C,?,?), ref: 0088D2B2
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 0088D253
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0088D264
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8972755736836680a211348e4b2fd4f1b18a61fc6cc1df5b79e7752642bdae09
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 800facd3e280ca640b3f961df66e89973cde6206f63d52bba7fe5e84576f04d4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8972755736836680a211348e4b2fd4f1b18a61fc6cc1df5b79e7752642bdae09
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A61273180121DAACF05FBA4E9929EDB7B9FF55300F244165E442B7191EB30AF49CB62
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 24e2ba7706323aaf44a0d52a4e5aff7bd67b26087fc421ae90f0c3fdfda0de1a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bef3eb186a6b89930488b378f5fd205ee730ed7506407ee6bf2526afb41ceecd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24e2ba7706323aaf44a0d52a4e5aff7bd67b26087fc421ae90f0c3fdfda0de1a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41417C35604611AFDB20DF19E888F29BBA5FF44328F188199E429CB662C775EC41CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0088170D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0088173A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008816C3: GetLastError.KERNEL32 ref: 0088174A
                                                                                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 0088E932
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 18cc0b370e99ab911f4358893c931ad71aa778ad6a82ea46dbe42af406f343fb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c7b04576f2906d9da24a8d992345c9a53b84df5bd7d2aafbf25152eeacd074e8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18cc0b370e99ab911f4358893c931ad71aa778ad6a82ea46dbe42af406f343fb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9101F972610215ABEB6476B99C8AFBF775CF714754F154521FC13E21E2EAE0AC4083A0
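The function listings in this report can be triaged mechanically: the directory-walk entry (FindFirstFileW / DeleteFileW / MoveFileW / FindNextFileW), the SeShutdownPrivilege entry (LookupPrivilegeValueW / AdjustTokenPrivileges / ExitWindowsEx) and the socket / bind / listen entry are exactly the API chains behind the "shutdown / reboot the system" and "open a port and listen" signatures. The script below is an added example, not code from the Joe Sandbox report or from the analysed sample. It parses the report's "• Name.MODULE(args), ref: addr" lines, searches for ordered API chains, and decodes the socket() arguments using the standard Winsock values (AF_INET = 2, SOCK_STREAM = 1, IPPROTO_TCP = 6). The chain definitions are this example's own heuristics, not Joe Sandbox's signature logic, and the sample input is constructed from the lines printed on this page.

```python
"""Triage helper for Joe Sandbox 'APIs' listings.

Added example: not code from the Joe Sandbox report or the analysed sample.
The chain definitions are this example's own heuristics.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One call line as the report prints it:
#   • [Part of subcall function XXXXXXXX: ]Name.MODULE[(args)][,] ref: XXXXXXXX
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple              # raw argument strings; '?' means unresolved by the sandbox
    ref: str                 # call-site address
    subcall: Optional[str]   # address of the sub-function, if the line is marked as such


def parse_api_lines(text: str) -> list:
    """Extract ApiCall records; header lines such as 'APIs' or 'Strings' are ignored."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(ApiCall(m["api"], m["mod"], args, m["ref"], m["sub"]))
    return calls


# Behavioural chains as ordered subsequences of API names (heuristic, this example's own).
CHAINS = {
    "shutdown_with_privilege": ("LookupPrivilegeValueW", "AdjustTokenPrivileges", "ExitWindowsEx"),
    "listening_socket": ("socket", "bind", "listen"),
    "directory_walk_move_delete": ("FindFirstFileW", "DeleteFileW", "MoveFileW", "FindNextFileW"),
}


def match_chain(calls: list, chain: tuple) -> Optional[list]:
    """Return the call-site refs that realise `chain` in listing order, or None."""
    refs, i = [], 0
    for c in calls:
        if i < len(chain) and c.api == chain[i]:
            refs.append(c.ref)
            i += 1
    return refs if i == len(chain) else None


def matched_chains(calls: list) -> dict:
    found = {}
    for name, seq in CHAINS.items():
        refs = match_chain(calls, seq)
        if refs is not None:
            found[name] = refs
    return found


# Winsock constants (winsock2.h). socket() takes three parameters; any further
# values the report prints after them are stack contents, not arguments.
_AF = {"2": "AF_INET", "23": "AF_INET6"}
_TYPE = {"1": "SOCK_STREAM", "2": "SOCK_DGRAM"}
_PROTO = {"0": "IPPROTO_DEFAULT", "6": "IPPROTO_TCP", "17": "IPPROTO_UDP"}


def decode_socket(call: ApiCall) -> Optional[str]:
    """Render socket(af, type, protocol) symbolically, e.g. AF_INET/SOCK_STREAM/IPPROTO_TCP."""
    if call.api != "socket" or len(call.args) < 3:
        return None
    vals = ["?" if a == "?" else str(int(a, 16)) for a in call.args[:3]]
    return "/".join((_AF.get(vals[0], vals[0]), _TYPE.get(vals[1], vals[1]), _PROTO.get(vals[2], vals[2])))


def triage(text: str) -> dict:
    """Parse a listing and report the matched chains plus every decoded socket() call."""
    calls = parse_api_lines(text)
    return {
        "calls": len(calls),
        "chains": matched_chains(calls),
        "sockets": [decode_socket(c) for c in calls if c.api == "socket"],
    }


# Constructed input: API lines copied from the function listings in this report.
SAMPLE = """\
APIs
  • Part of subcall function 00823AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00823A97,?,?,00822E7F,?,?,?,00000000), ref: 00823AC2
  • Part of subcall function 0088E199: GetFileAttributesW.KERNEL32(?,0088CF95), ref: 0088E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0088D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0088D1DD
• MoveFileW.KERNEL32(?,?), ref: 0088D1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0088D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0088D237
  • Part of subcall function 0088D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0088D21C,?,?), ref: 0088D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 0088D253
• FindClose.KERNEL32(00000000), ref: 0088D264
APIs
  • Part of subcall function 008816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0088170D
  • Part of subcall function 008816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0088173A
  • Part of subcall function 008816C3: GetLastError.KERNEL32 ref: 0088174A
• ExitWindowsEx.USER32(?,00000000), ref: 0088E932
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 008A1276
• WSAGetLastError.WSOCK32 ref: 008A1283
• bind.WSOCK32(00000000,?,00000010), ref: 008A12BA
• WSAGetLastError.WSOCK32 ref: 008A12C5
• closesocket.WSOCK32(00000000), ref: 008A12F4
• listen.WSOCK32(00000000,00000005), ref: 008A1303
• WSAGetLastError.WSOCK32 ref: 008A130D
• closesocket.WSOCK32(00000000), ref: 008A133C
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, refs in result["chains"].items():
        print(f"{name}: {' -> '.join(refs)}")
    print("socket():", result["sockets"])
```

A chain match only says that the calls occur in that order in the static listing; it does not prove the path is taken at runtime, which is why the report pairs these listings with the dynamic signatures in the overview. The socket() decode shows the listening socket is a plain TCP stream socket; the "?" in the bind() arguments means the sandbox did not resolve the sockaddr, so the bound port is not recoverable from the listing alone.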

APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 008A1276
• WSAGetLastError.WSOCK32 ref: 008A1283
• bind.WSOCK32(00000000,?,00000010), ref: 008A12BA
• WSAGetLastError.WSOCK32 ref: 008A12C5
• closesocket.WSOCK32(00000000), ref: 008A12F4
• listen.WSOCK32(00000000,00000005), ref: 008A1303
• WSAGetLastError.WSOCK32 ref: 008A130D
• closesocket.WSOCK32(00000000), ref: 008A133C
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 46e932184fc121d166a7d455c7c2544730623c6da4ca4b4db6faeeedc07a5042
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: edc692186a83d3a1fdbe73c282509ef48e021acbef66848cdaaab204550c5dc0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46e932184fc121d166a7d455c7c2544730623c6da4ca4b4db6faeeedc07a5042
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A417F316001109FEB10DF68D588B2ABBE5FF46318F188198E856DF696C775ED81CBE1
APIs
• _free.LIBCMT ref: 0085B9D4
• _free.LIBCMT ref: 0085B9F8
• _free.LIBCMT ref: 0085BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,008C3700), ref: 0085BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,008F121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0085BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,008F1270,000000FF,?,0000003F,00000000,?), ref: 0085BC36
• _free.LIBCMT ref: 0085BD4B
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: a5f4a5ead29e6d5496fa40b0a0ba591149200040ef2a798eab3313af8d4816a9
• Instruction ID: 59c51eb0dbce57202b216201f234c6ecab971c756cb32ee8160dd10b0dbac60b
• Opcode Fuzzy Hash: a5f4a5ead29e6d5496fa40b0a0ba591149200040ef2a798eab3313af8d4816a9
• Instruction Fuzzy Hash: 5EC129719042489FCB21DF799C45BBABBB8FF61362F1441AAEC90E7251EB308E49C751
APIs
  • Part of subcall function 00823AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00823A97,?,?,00822E7F,?,?,?,00000000), ref: 00823AC2
  • Part of subcall function 0088E199: GetFileAttributesW.KERNEL32(?,0088CF95), ref: 0088E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0088D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0088D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0088D481
• FindClose.KERNEL32(00000000), ref: 0088D498
• FindClose.KERNEL32(00000000), ref: 0088D4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 554e338ce9786a62da196e4e36cae97eca04ee5b84c25e5b1beb8ec949817a4e
• Instruction ID: 61a1010e6fd0b5fc7d277557e11e692f94e570d4984de8c46bc588d5839c9ac0
• Opcode Fuzzy Hash: 554e338ce9786a62da196e4e36cae97eca04ee5b84c25e5b1beb8ec949817a4e
• Instruction Fuzzy Hash: 81315C710083559BC304FF68E8958AFB7A8FE95314F444A2DF4D1D21A1EB30AA49CB67
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e22717d328db10d0f4692ec32d1d7c1285c0f166976a787dde6d91ec72f55d62
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 07683d1b2ab182157a13acb91b8fcf57a6dbc14d9a9d8e0d5b4d4d77661ce0c9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e22717d328db10d0f4692ec32d1d7c1285c0f166976a787dde6d91ec72f55d62
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63C22A71E046288FDB29CE28DD407EAB7B5FB48306F1441EAD94DE7241E774AE898F41
APIs
• _wcslen.LIBCMT ref: 008964DC
• CoInitialize.OLE32(00000000), ref: 00896639
• CoCreateInstance.OLE32(008BFCF8,00000000,00000001,008BFB68,?), ref: 00896650
• CoUninitialize.OLE32 ref: 008968D4
Strings
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 27494c0a6d88a54fc0e926a3ee0136d2fefe1bd7377695195624f7c302f62c0a
• Instruction ID: 5fffc080e39bcac0be9f7940355ae58669a849327959036659c9caf070624fe1
• Opcode Fuzzy Hash: 27494c0a6d88a54fc0e926a3ee0136d2fefe1bd7377695195624f7c302f62c0a
• Instruction Fuzzy Hash: 6AD13771508211AFC704EF28D891E6BB7E8FF98704F04496DF595CB2A1EB70E949CB92
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 008A22E8
  • Part of subcall function 0089E4EC: GetWindowRect.USER32(?,?), ref: 0089E504
• GetDesktopWindow.USER32 ref: 008A2312
• GetWindowRect.USER32(00000000), ref: 008A2319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 008A2355
• GetCursorPos.USER32(?), ref: 008A2381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008A23DF
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 36ae15102eae923b0048803e3e22ebb274ca9771dd62882164241552f0bd87f1
• Instruction ID: 3b89aa2dffaf1c9d84801d748dc60f894296f14a3ea17f9987d5db12b80ccda7
• Opcode Fuzzy Hash: 36ae15102eae923b0048803e3e22ebb274ca9771dd62882164241552f0bd87f1
• Instruction Fuzzy Hash: 1B31AD72504315AFDB20DF58C849B9BBBA9FF86314F000A19F985D7291DB74EA09CB92
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00899B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00899C8B
  • Part of subcall function 00893874: GetInputState.USER32 ref: 008938CB
  • Part of subcall function 00893874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00893966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00899BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00899C75
Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a226569e1eb2e1a540ef08f6bf09b6e730a936c7276910ded8708a896fca5058
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 01e89d16fc96ccc3a1a0e0fec629e57d69e7a1f86609d8125efc38a2e36d65cc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a226569e1eb2e1a540ef08f6bf09b6e730a936c7276910ded8708a896fca5058
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8641607190021A9FCF14EF68DC55AEE7BB8FF05314F18415AE855E2291EB349E84CF61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00839A4E
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00839B23
                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00839B36
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3131106179-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8d028dcca6dd35cf59ca4ef152459a1a3d4f79626644a1b3007f0dc3cd17e66f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 66b233a1405723bb2efd3b05795d56a47f4bc76aff0d9b0c35d74902cb2f5706
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d028dcca6dd35cf59ca4ef152459a1a3d4f79626644a1b3007f0dc3cd17e66f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31A13C71208428EEE7289A3C8C59EBB3A5DFBC2354F154319F582C66D9CAA5DD01C3F2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 008A307A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A304E: _wcslen.LIBCMT ref: 008A309B
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 008A185D
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 008A1884
                                                                                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 008A18DB
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 008A18E6
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 008A1915
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 52ed4d1618b9c6706455aff9c125ad89e3c77f3a77004d79dec36bf9debc0254
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 59d59d0a5917431afbe9d3e35582b525dce9c396a0df89bf1ab74bb393573ad1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52ed4d1618b9c6706455aff9c125ad89e3c77f3a77004d79dec36bf9debc0254
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4251B371A002109FEB10AF28D886F2A77E5FB45718F088058F9059F783DB75AD41CBE2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ce85258527bbf8bc38326daf52d7873b05fa297322aa06de07d30dbf2e3718d8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 389eeb2a17288fc8729a0d8e30407d020c7e0ca2a9bd7149652f5f7a049edd64
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce85258527bbf8bc38326daf52d7873b05fa297322aa06de07d30dbf2e3718d8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B621A3317402119FDB208F1AD868BAA7FA5FF95314F598058E84ACF352CB71ED42CB95
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dac799d16a452db6c1ad93260a5f74b5a9940dbcaa4bcd98f5f40ab0014ca7fa
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 59399ca08b8fe6e6c6667f5aacf1527fd87585db6595aac4def7cbed65b43eb3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dac799d16a452db6c1ad93260a5f74b5a9940dbcaa4bcd98f5f40ab0014ca7fa
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4A27970A0166ACBDF24CF58D9447AEB7B1FB54314F2581AAE815EB384EB309DD1CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0088AAAC
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080), ref: 0088AAC8
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0088AB36
                                                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0088AB88
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b3eb334a661dd35a36aa6b3ade21eebcf029672205a1186a39691dccb62e7657
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 12fecddced54e19681360557a64f9655334e7d7e0100029db4eb6922eaa33fd2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b3eb334a661dd35a36aa6b3ade21eebcf029672205a1186a39691dccb62e7657
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D31F630A40258AEFB39AA688C05BFA7BA6FB45330F04421BF5C1D65D1D3759981C763
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 0089CE89
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 0089CEEA
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 0089CEFE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c7d2878bc29107a9b67695302b6f8461b77acb79e58460296725478bab758536
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1debd0588b88b1beef469985b4b18744ff1d79f763458bad4c55897c275f4804
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7d2878bc29107a9b67695302b6f8461b77acb79e58460296725478bab758536
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE219DB15007099FDB30EF65C948BAA77F8FB50358F14442EE546D2151EB75EE048B64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 008882AA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Opcode ID: 36f94b834c97953619d87a57872e89624812acaa36ec8c63b43fcd40a5deee04
• Instruction ID: d9ae9b67d34a545e85f48ecf160b1b6d16706f156aba5fd644342cda9f9b7b7f
• Opcode Fuzzy Hash: 36f94b834c97953619d87a57872e89624812acaa36ec8c63b43fcd40a5deee04
• Instruction Fuzzy Hash: 0A323474A00605DFCB28DF59C480A6AB7F0FF48710B55C56EE59ADB3A1EB70E981CB40
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00895CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00895D17
• FindClose.KERNEL32(?), ref: 00895D5F
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 0b8204a5cb3f5e1d0f7bc3a825c7a083c1b8077c30fa8b0a7f41af022ad46177
• Instruction ID: 6148d0fe850fc41f018553aaf5b370beba424cd7bfe01682f8eaebfd4a0e6969
• Opcode Fuzzy Hash: 0b8204a5cb3f5e1d0f7bc3a825c7a083c1b8077c30fa8b0a7f41af022ad46177
• Instruction Fuzzy Hash: 14519A346046019FCB14DF28D498A9AB7E4FF49324F18856EE95ACB3A2DB30ED44CB91
APIs
• IsDebuggerPresent.KERNEL32 ref: 0085271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00852724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00852731
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 2f891b6d98fd4b854316aed62e344c95414839cc034ea3ba3d76a16eb4db095a
• Instruction ID: a8fd0ae91a0b625dea2cf1987bf22241d627dc4b3432a5b0c1a6ed314e8828b6
• Opcode Fuzzy Hash: 2f891b6d98fd4b854316aed62e344c95414839cc034ea3ba3d76a16eb4db095a
• Instruction Fuzzy Hash: 9A31B67591122C9BCB21DF68DC89B99B7B8FF08310F5041DAE81CA6261EB309F858F45
APIs
• SetErrorMode.KERNEL32(00000001), ref: 008951DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00895238
• SetErrorMode.KERNEL32(00000000), ref: 008952A1
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: 95eb73fb7f4e0dd4e95c46f67f9cffb128f03883d70c70355bd8fbde8cf30fdf
• Instruction ID: 8f1173be2077804032e46a88eb7f42c9081999b4e1c07984ba9131c205c12632
• Opcode Fuzzy Hash: 95eb73fb7f4e0dd4e95c46f67f9cffb128f03883d70c70355bd8fbde8cf30fdf
• Instruction Fuzzy Hash: 51313E75A00518DFDB00EF98D884EADBBB5FF49314F088099E805EB3A2DB31E855CB91
APIs
  • Part of subcall function 0083FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00840668
  • Part of subcall function 0083FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00840685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0088170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0088173A
• GetLastError.KERNEL32 ref: 0088174A
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 577356006-0
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0088D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0088D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0088D650
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0088168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008816A1
• FreeSid.ADVAPI32(?), ref: 008816B1
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
Strings
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 0087D28C
Strings
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                            • String ID: X64
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 530ef1d5707af4bc2f2557e65155a3f68ea779338d22c2be6fec52a7736b5d46
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8bc0f2c5ef05d18aedef09f854c8bbc88979a6f93606d9967a17eff7dedb23a5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 530ef1d5707af4bc2f2557e65155a3f68ea779338d22c2be6fec52a7736b5d46
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31D0C9B581121DEBCF94DB90EC88DDDB77CFB14309F104252F506E2000DB3095499F10
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 947fad7bcda00065bb690932772d9341e13090353a5f50920754c27451ad841c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F023C71E012199FDF54CFA9C8806ADFBF5FF88314F25816AD919EB380D731AA418B94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00896918
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00896961
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d558397cecfd609c3dd17adbeb30e5d2758762ab03f57788bcb0d006c3ac8e09
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bb0209799c86b9dcb6f3cff5c5ca628e222bd030f3a337bd9e3fd29e00ff6441
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d558397cecfd609c3dd17adbeb30e5d2758762ab03f57788bcb0d006c3ac8e09
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE1193316042109FCB10DF29D484A16BBE5FF89328F18C699F469CF6A2DB30EC45CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,008A4891,?,?,00000035,?), ref: 008937E4
                                                                                                                                                                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,008A4891,?,?,00000035,?), ref: 008937F4
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 475aef8fa37891a20a3ef209c1c13df271a6ac2c9dfa6e4b9bdc943b7a23c7dc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bda43ee956e6dd20d7b27355ba46fb888a216fd718ff549bbbbb7c6cc2666133
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 475aef8fa37891a20a3ef209c1c13df271a6ac2c9dfa6e4b9bdc943b7a23c7dc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29F0E5B06042283AEB2027AA9C4DFEB3BAEFFC4765F000275F509D2291D9609944C6B1
                                                                                                                                                                                                                                                                                                                                                            APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0088B25D
• keybd_event.USER32(?,7694C0D0,?,00000000), ref: 0088B270
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 9a2f6646be96e78d1b5ce49efc4518316edf6f0c00c5cf86e8e4183ef3d9d8f3
• Instruction ID: 09d485d918856fbdd54c028882df1a146eea770bdf3313791f53958e06e65024
• Opcode Fuzzy Hash: 9a2f6646be96e78d1b5ce49efc4518316edf6f0c00c5cf86e8e4183ef3d9d8f3
• Instruction Fuzzy Hash: 6FF01D7180424DABDB159FA4C805BEE7BB4FF04309F008119F955A6191C77996119F94
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008811FC), ref: 008810D4
• CloseHandle.KERNEL32(?,?,008811FC), ref: 008810E9
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: 8ec751e92766f6dee96f402139d4af36ee871d8f0cc8990e0b7e58b3c9b69831
• Instruction ID: 3b1e798e161ffba9aefedd8b744006bc51f12db7b4ecd253eb37c33f70fd14a8
• Opcode Fuzzy Hash: 8ec751e92766f6dee96f402139d4af36ee871d8f0cc8990e0b7e58b3c9b69831
• Instruction Fuzzy Hash: 17E04F32408600AFE7252B15FC09E7377E9FB04310F10892DF5A5C04B1DB626C90DB90
Strings
• Variable is not of type 'Object'., xrefs: 00870C40
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.
• API String ID: 0-1840281001
• Opcode ID: ff09869582e6cd51850b0b5d0ec078f0e02c07e7b96134215df952afdebc4c01
• Instruction ID: a76ef60719fabd79f82abb9a35e67fb9fdcaf43ca33ab2b69d6df3a43dea4caf
• Opcode Fuzzy Hash: ff09869582e6cd51850b0b5d0ec078f0e02c07e7b96134215df952afdebc4c01
• Instruction Fuzzy Hash: 13329E70900228DBCF14DF94E981AFDB7B5FF05308F548059E80AEB296DB75AE85CB61
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00856766,?,?,00000008,?,?,0085FEFE,00000000), ref: 00856998
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: a6c69d2bd1ce8cada784dffdf945f6c183f0174e974ccbcd49c0807b086f28e4
• Instruction ID: 969cc35116df706dd5b830dd02163ad695f3f60e9fb1243a71e8a0c9eea8c377
• Opcode Fuzzy Hash: a6c69d2bd1ce8cada784dffdf945f6c183f0174e974ccbcd49c0807b086f28e4
• Instruction Fuzzy Hash: 84B17D31610608DFD715CF28C486B647BE0FF0536AF698658EC99CF2A2D335D9A9CB40
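The function blocks in this section follow one fixed layout (APIs and/or Strings, then Memory Dump Source, Joe Sandbox IDA Plugin, Similarity), which makes them easy to mine in bulk: which function calls which API with which literal arguments, which memory region the disassembly came from, and the fuzzy hashes for cross-sample matching. The parser below is an added example written for this page; it is not Joe Sandbox code and does not reproduce how the report's own IDs are computed. The sample input is copied from the blocks above. Two things are this example's assumptions and are marked as such in the code: the interpretation of the fourth and fifth dotted fields of an `.sdmp` name as region base address and page protection, and the `CAPABILITY_HINTS` table that maps single APIs to a capability label.

```python
"""Parse Joe Sandbox IDA-plugin function blocks (APIs / Strings / Memory Dump
Source / Joe Sandbox IDA Plugin / Similarity) into structured records.

Added example for this page, not Joe Sandbox code.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: three function blocks copied from this report section,
# with the report's fused "Download File" link labels left in on purpose.
SAMPLE = """\
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0088B25D
• keybd_event.USER32(?,7694C0D0,?,00000000), ref: 0088B270
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Instruction Fuzzy Hash: 6FF01D7180424DABDB159FA4C805BEE7BB4FF04309F008119F955A6191C77996119F94
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008811FC), ref: 008810D4
• CloseHandle.KERNEL32(?,?,008811FC), ref: 008810E9
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• API String ID: 81990902-0
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00856766,?,?,00000008,?,?,0085FEFE,00000000), ref: 00856998
Strings
• Variable is not of type 'Object'., xrefs: 00870C40
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Similarity
• API ID: ExceptionRaise
"""

API_RE = re.compile(r"^(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-F]{8})$")
STR_RE = re.compile(r"^(?P<text>.*), xrefs: (?P<xrefs>[0-9A-F]{8}(?:, [0-9A-F]{8})*)$")
SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")

# Assumption: an illustrative single-API-to-capability table. The report's own
# signatures are derived from richer rules than this.
CAPABILITY_HINTS = {
    "SendInput": "simulate keystrokes/mouse events",
    "keybd_event": "simulate keystrokes",
    "AdjustTokenPrivileges": "enable/disable token privileges",
}
NTSTATUS = {0xC000000D: "STATUS_INVALID_PARAMETER"}  # the one code seen in this section


@dataclass
class ApiCall:
    api: str
    module: str
    args: list          # int for hex literals, None for '?' (value not recovered)
    ref: int            # address of the call site


@dataclass
class Dump:
    name: str
    base: int           # assumed: 4th dotted field of the .sdmp name is the region base
    protect: int        # assumed: 5th dotted field is the Win32 page protection


@dataclass
class FunctionBlock:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    source: Optional[Dump] = None
    associated: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)   # Snapshot File and Similarity fields


def parse_dump_name(name):
    parts = name.removesuffix(".sdmp").split(".")
    return Dump(name, int(parts[3], 16), int(parts[4], 16))


def parse_args(text):
    return [None if a == "?" else int(a, 16) for a in text.split(",")] if text else []


def parse_blocks(text):
    blocks, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip().removesuffix("Download File")   # drop the fused link label
        if not line:
            continue
        if line in SECTIONS:
            # APIs/Strings open a new block unless the current block has not yet
            # reached its Memory Dump Source part (a block may carry both).
            if cur is None or (line in ("APIs", "Strings") and cur.source is not None):
                cur = FunctionBlock()
                blocks.append(cur)
            section = line
            continue
        item = line.removeprefix("• ")
        if section == "APIs" and (m := API_RE.match(item)):
            cur.apis.append(ApiCall(m["api"], m["module"], parse_args(m["args"]), int(m["ref"], 16)))
        elif section == "Strings" and (m := STR_RE.match(item)):
            cur.strings.append((m["text"], [int(x, 16) for x in m["xrefs"].split(", ")]))
        elif section == "Memory Dump Source":
            key, _, value = item.partition(": ")
            dump = parse_dump_name(value.split(",")[0])
            if key == "Source File":
                cur.source = dump
            else:
                cur.associated.append(dump)
        else:  # Joe Sandbox IDA Plugin / Similarity: plain "Key: value" pairs
            key, _, value = item.partition(":")
            cur.meta[key] = value.strip()
    return blocks


def capability_hints(block):
    return sorted({CAPABILITY_HINTS[c.api] for c in block.apis if c.api in CAPABILITY_HINTS})


def exception_code(call):
    """For a RaiseException call, name the NTSTATUS passed as first argument."""
    if call.api != "RaiseException" or not call.args or call.args[0] is None:
        return None
    return NTSTATUS.get(call.args[0], hex(call.args[0]))


def source_is_executable(block):
    # PAGE_EXECUTE* protections occupy bits 0x10..0x80 of the Win32 protection value.
    return block.source is not None and bool(block.source.protect & 0xF0)


if __name__ == "__main__":
    for b in parse_blocks(SAMPLE):
        print(b.meta.get("API ID"), [c.api for c in b.apis], capability_hints(b))
```

Running the parser over the sample confirms what the report's dump names already imply under the assumed layout: the `Source File` region at 0x821000 carries protection 0x20 (PAGE_EXECUTE_READ), so the API call sites were recovered from the image's code section, while the associated 0x8EC000 dump is 0x04 (PAGE_READWRITE) data. The `?` placeholders are arguments the sandbox could not resolve to a constant; keep them as `None` rather than guessing.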
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 702c57e116b37593e27156eb17eb90d6c945dff871dc7867fea97f74947a4197
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f7df2a2c40b57e1a074a6e850f2713660b126416bb3f87777c3fef49e28d731f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 702c57e116b37593e27156eb17eb90d6c945dff871dc7867fea97f74947a4197
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5124EB1A00229DBCB14CF58C8816EEB7F5FF48710F14819AE949EB255EB349E81CB95
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • BlockInput.USER32(00000001), ref: 0089EABD
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 53b45459a080f65e84f97c93d7b6866fbc605e552404e283c2400f4763914d06
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c605d7c6e20937d5957756a16c3d837c386aa079a5b8c4a823fe63656f7c5cdf
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53b45459a080f65e84f97c93d7b6866fbc605e552404e283c2400f4763914d06
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9CE012312002149FD710EF59D404E5ABBD9FFA8760F048416FC45C7261DA70A8418B91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,008403EE), ref: 008409DA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7d17f19d7c7fd0006d3388b4122e2078a3175dd1348c0bb95df92b5a0295d9c7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f95133f4abdd9a41895b434edb67ccd86ca5f11854a4c495a2c3c205ee053717
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d17f19d7c7fd0006d3388b4122e2078a3175dd1348c0bb95df92b5a0295d9c7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 95cb9d7062ade8681bc68663e75502b80089f5123516ad6cfbc0c1db0ac80d8b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0551787160C74D9BDB38856C885E7BE6F89FB22344F180939D882D7282CB19DE05D35A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b9c99f71d091652293ddb3cb631f8af7e6875ecf99ffdaaf187a91456f870075
• Instruction ID: 35ae6959daee4729670cb96ba7fe0ed5abd4364a172b1fb624545bdb1f60eaba
• Opcode Fuzzy Hash: b9c99f71d091652293ddb3cb631f8af7e6875ecf99ffdaaf187a91456f870075
• Instruction Fuzzy Hash: 1832F122D29F014DD7239634E822335A659FFB73D6F15D737E81AB5AA6EB39C4834100
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 07cfa6e89399ad964bd01f23c845b32bfcae3f3b494fb0d46f1019bf8d6d3326
• Instruction ID: d26401f60a4ae6167ba94ab1ec414cf4d87a6624906d6586be92605638a29704
• Opcode Fuzzy Hash: 07cfa6e89399ad964bd01f23c845b32bfcae3f3b494fb0d46f1019bf8d6d3326
• Instruction Fuzzy Hash: 25320532A041598BCF28CE29C4D467DBBA1FB85314F28C56ED85EDB299D730DD82DB81
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0ad7fd614b6f59d3e1ebbd0a847d46c2ddf316fd1429dd195cd5d0715d506775
• Instruction ID: 5c17aba93d889361260769fd1ed2f5ca962366ae17bf7096834218d9f26212a4
• Opcode Fuzzy Hash: 0ad7fd614b6f59d3e1ebbd0a847d46c2ddf316fd1429dd195cd5d0715d506775
• Instruction Fuzzy Hash: 7022CFB0A0061ADFDF14CF69D981AAEB3B1FF44314F104529E812EB391EB36AD50CB51
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6e95b92e5caf4f4053f6dea17957d5e62b5d14fed7ed5782c0556267877d66cd
• Instruction ID: 536dc7008219c4cefa6c0fb647c54d221d9b8453bc463f2d2526763da74321a6
• Opcode Fuzzy Hash: 6e95b92e5caf4f4053f6dea17957d5e62b5d14fed7ed5782c0556267877d66cd
• Instruction Fuzzy Hash: 6602B5B0E00219EBDB04DF58D881AAEB7B1FF54304F118169E956DB391EB31AE60CBD1
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aab883bd76c4845886a1f3e133f8c7242c2e33a224c6575d3103e54634e5b5a8
• Instruction ID: 61c888164b6a964d6ac684874bd7f4f1e3744a5bfc86dafdfa715b74a139aa36
• Opcode Fuzzy Hash: aab883bd76c4845886a1f3e133f8c7242c2e33a224c6575d3103e54634e5b5a8
• Instruction Fuzzy Hash: 90B10320D2AF814DD32396399871336B66CBFBB6D5F91D71BFC1674E22EB2286834140
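Each "Memory Dump Source" block above ties one disassembled function of the image loaded at 0x820000 to the memory dump it was lifted from and to two digests (Opcode ID / Opcode Fuzzy Hash and Instruction ID / Instruction Fuzzy Hash) that can be matched against other reports. The parser below is an added example, not Joe Sandbox's own code or API: it turns such blocks into records, strips the "Download File" link text the HTML export glues onto file names, checks that the two opcode fields of a record agree, and intersects Opcode IDs between two reports so an analyst can see which functions a new sample shares with a known one. The reading of the fourth dot-separated field of an .sdmp name as the region base, the two sample inputs and the all-zero digest in SAMPLE_B are constructed assumptions for the example, not data from the report.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

_FIELD_RE = re.compile(r"^•?\s*([A-Za-z ]+?):\s*(.*?)\s*$")  # "• Key: value"
_SOURCE_RE = re.compile(r"^(\S+\.sdmp), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)$")
_RESIDUE = "Download File"  # link text the HTML export glues onto file names


@dataclass
class DumpRecord:
    source_file: str = ""
    offset: Optional[int] = None
    based_on_pe: Optional[bool] = None
    associated: List[str] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)  # plugin + Similarity lines

    def consistent(self) -> bool:
        # Opcode ID and Opcode Fuzzy Hash are printed as separate fields; in
        # every record on this page they carry the same digest.
        return self.fields.get("Opcode ID") == self.fields.get("Opcode Fuzzy Hash")


def parse_records(text: str) -> List[DumpRecord]:
    """One DumpRecord per 'Memory Dump Source' block, in report order."""
    records: List[DumpRecord] = []
    current: Optional[DumpRecord] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            current = DumpRecord()
            records.append(current)
            continue
        m = _FIELD_RE.match(line)
        if current is None or not m:  # sub-headings and blank lines
            continue
        key, value = m.group(1), m.group(2)
        if value.endswith(_RESIDUE):
            value = value[: -len(_RESIDUE)]
        if key == "Source File":
            s = _SOURCE_RE.match(value)
            if s is None:
                raise ValueError(f"unrecognised Source File line: {value}")
            current.source_file, current.offset = s.group(1), int(s.group(2), 16)
            current.based_on_pe = s.group(3) == "true"
        elif key == "Associated":
            current.associated.append(value)
        else:
            current.fields[key] = value
    return records


def sdmp_fields(name: str) -> Dict[str, object]:
    """Split an .sdmp name into its eight dot-separated parts. Only the fourth is
    interpreted: it is a page-aligned address next to the record's Offset
    (0x821000 beside Offset 0x820000 above), so it is read as the region base.
    That is an inference from this page, not documented behaviour."""
    if not name.endswith(".sdmp"):
        raise ValueError(f"not an sdmp name: {name}")
    parts = name[: -len(".sdmp")].split(".")
    if len(parts) != 8:
        raise ValueError(f"unexpected sdmp name layout: {name}")
    return {"raw": parts, "base": int(parts[3], 16)}


def _opcode_ids(records: List[DumpRecord]) -> Set[str]:
    return {r.fields["Opcode ID"] for r in records if r.fields.get("Opcode ID")}


def shared_opcode_ids(a: List[DumpRecord], b: List[DumpRecord]) -> Set[str]:
    """Opcode IDs present in both reports: the functions to diff first when
    checking whether a new sample reuses code from a known one."""
    return _opcode_ids(a) & _opcode_ids(b)


# Constructed input in the report's layout, residue included; digests are from this page.
SAMPLE_A = """\
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID:
• Opcode ID: 07cfa6e89399ad964bd01f23c845b32bfcae3f3b494fb0d46f1019bf8d6d3326
• Instruction ID: d26401f60a4ae6167ba94ab1ec414cf4d87a6624906d6586be92605638a29704
• Opcode Fuzzy Hash: 07cfa6e89399ad964bd01f23c845b32bfcae3f3b494fb0d46f1019bf8d6d3326
• Instruction Fuzzy Hash: 25320532A041598BCF28CE29C4D467DBBA1FB85314F28C56ED85EDB299D730DD82DB81
"""
# Constructed second report: one function shared with SAMPLE_A, one hypothetical.
SAMPLE_B = """\
Memory Dump Source
• Source File: 00000001.00000002.0000000000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 07cfa6e89399ad964bd01f23c845b32bfcae3f3b494fb0d46f1019bf8d6d3326
• Opcode Fuzzy Hash: 07cfa6e89399ad964bd01f23c845b32bfcae3f3b494fb0d46f1019bf8d6d3326
Memory Dump Source
• Source File: 00000001.00000002.0000000000.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 0000000000000000000000000000000000000000000000000000000000000000
• Opcode Fuzzy Hash: 0000000000000000000000000000000000000000000000000000000000000000
"""
```

Feed `parse_records` the text of a whole report section (the leading whitespace of the HTML export is tolerated) and compare `shared_opcode_ids` across reports of different samples; the Instruction Fuzzy Hash fields stay in `fields` for a looser, near-match comparison with whatever similarity tooling you already use.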
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c698811c254abc55612932da550567659efaf87d46e3ef5afbeeaed67303db3c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 512b0f9dd9f4b51383d97fecb4b838d94be115fa947ea0544061896ec2fa17bb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c698811c254abc55612932da550567659efaf87d46e3ef5afbeeaed67303db3c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4661887160875D96EE34DA2C8C95BBE3398FF51768F10091EE983DB281DB119E42C356
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ad8b4dbc212161afdf18ab22893e63b5f5ba4a8ac9ed08f07c1778726fc0caa7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 43e914c5af03f8308b11b9e0a0527cff804e9c5f099cbb20f02b800f849ee3bc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad8b4dbc212161afdf18ab22893e63b5f5ba4a8ac9ed08f07c1778726fc0caa7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7618F31E2C74DA7DE389A2C4D55BBF2394FF42B08F100A5AE943DB289E712DD428356
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9642d89f94b075b32b05954e7e131b13038ceb30fe354cf8a2634d6c7efd063a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fd3c2443fd0e8b297d218ea7c9bda3178d083e0d13ab014962eeef45dbd9c689
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9642d89f94b075b32b05954e7e131b13038ceb30fe354cf8a2634d6c7efd063a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C2196326206158BDB28CE79C81267A73E5F764320F19862EE4A7C37D1DE39A904CB80
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 008A2B30
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 008A2B43
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 008A2B52
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 008A2B6D
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 008A2B74
                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 008A2CA3
                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 008A2CB1
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2CF8
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 008A2D04
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 008A2D40
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2D62
                                                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2D75
                                                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2D80
                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 008A2D89
                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2D98
                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 008A2DA1
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2DA8
                                                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 008A2DB3
                                                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,008BFC38,00000000), ref: 008A2DDB
• GlobalFree.KERNEL32(00000000), ref: 008A2DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 008A2E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 008A2E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A2E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008A303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: ab421b7966690f2c357348725929c68c9e28ae51c7cdb1a036add75230e176ff
• Instruction ID: 3292371ae7bf0e930a6c4f051c8aedcb59cae4118fb3c58b25e58ec6aa76a193
• Opcode Fuzzy Hash: ab421b7966690f2c357348725929c68c9e28ae51c7cdb1a036add75230e176ff
• Instruction Fuzzy Hash: 9A025A71900219EFDB14DF68CD89EAE7BB9FB49310F108258F915EB2A1DB74AD41CB60
APIs
• SetTextColor.GDI32(?,00000000), ref: 008B712F
• GetSysColorBrush.USER32(0000000F), ref: 008B7160
• GetSysColor.USER32(0000000F), ref: 008B716C
• SetBkColor.GDI32(?,000000FF), ref: 008B7186
• SelectObject.GDI32(?,?), ref: 008B7195
• InflateRect.USER32(?,000000FF,000000FF), ref: 008B71C0
• GetSysColor.USER32(00000010), ref: 008B71C8
• CreateSolidBrush.GDI32(00000000), ref: 008B71CF
• FrameRect.USER32(?,?,00000000), ref: 008B71DE
• DeleteObject.GDI32(00000000), ref: 008B71E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 008B7230
• FillRect.USER32(?,?,?), ref: 008B7262
• GetWindowLongW.USER32(?,000000F0), ref: 008B7284
  • Part of subcall function 008B73E8: GetSysColor.USER32(00000012), ref: 008B7421
  • Part of subcall function 008B73E8: SetTextColor.GDI32(?,?), ref: 008B7425
  • Part of subcall function 008B73E8: GetSysColorBrush.USER32(0000000F), ref: 008B743B
  • Part of subcall function 008B73E8: GetSysColor.USER32(0000000F), ref: 008B7446
  • Part of subcall function 008B73E8: GetSysColor.USER32(00000011), ref: 008B7463
  • Part of subcall function 008B73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 008B7471
  • Part of subcall function 008B73E8: SelectObject.GDI32(?,00000000), ref: 008B7482
  • Part of subcall function 008B73E8: SetBkColor.GDI32(?,00000000), ref: 008B748B
  • Part of subcall function 008B73E8: SelectObject.GDI32(?,?), ref: 008B7498
  • Part of subcall function 008B73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008B74B7
  • Part of subcall function 008B73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008B74CE
  • Part of subcall function 008B73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008B74DB
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: 09e2cc86064afbb3a0dff996fa3420136dd7c05da1efc9e24f7bd1ded18efc45
• Instruction ID: 35958a5a4c1628f8a97440b991180b18086dd6b4809107da601c4a85bede440b
• Opcode Fuzzy Hash: 09e2cc86064afbb3a0dff996fa3420136dd7c05da1efc9e24f7bd1ded18efc45
• Instruction Fuzzy Hash: A9A16072008301AFDB119F64DC48E9F7BA9FB89321F100B19F9A2E62E1D775E945CB61
APIs
• DestroyWindow.USER32(00000000), ref: 008A273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 008A286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008A28A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008A28B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 008A2900
• GetClientRect.USER32(00000000,?), ref: 008A290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 008A2955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 008A2964
• GetStockObject.GDI32(00000011), ref: 008A2974
• SelectObject.GDI32(00000000,00000000), ref: 008A2978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 008A2988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 008A2991
• DeleteDC.GDI32(00000000), ref: 008A299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008A29C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 008A29DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 008A2A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 008A2A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 008A2A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 008A2A77
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 008A2A82
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 008A2A8D
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 008A2A97
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f8db8de10b42cad1e4bd5a4f6860a8a6b3d74a11519238918cb23282f4007145
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6c75d42d90ce44043cf85af3c07870a928579e37b9ed887a68e7e771a2f9574a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8db8de10b42cad1e4bd5a4f6860a8a6b3d74a11519238918cb23282f4007145
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BB15C71A00219AFEB24DF69DC49FAEBBA9FB49714F004214F915EB690D774ED40CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00894AED
                                                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,008BCB68,?,\\.\,008BCC08), ref: 00894BCA
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,008BCB68,?,\\.\,008BCC08), ref: 00894D36
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 03f9c829acc10729346269158222352be3d146be363f44c0e8387f63cfe0fb6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2349df969a6659254fe6bcf197a1ae7a6de2e2c28764ad9a32720612c371776a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03f9c829acc10729346269158222352be3d146be363f44c0e8387f63cfe0fb6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8661C0307052499FCF04FF69CA81D6877A0FB15388B285055F816EB391EB3AED52DB42
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 008B7421
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 008B7425
                                                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 008B743B
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 008B7446
                                                                                                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(?), ref: 008B744B
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000011), ref: 008B7463
                                                                                                                                                                                                                                                                                                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 008B7471
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 008B7482
                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 008B748B
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 008B7498
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 008B74B7
                                                                                                                                                                                                                                                                                                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008B74CE
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 008B74DB
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 008B752A
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 008B7554
                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 008B7572
                                                                                                                                                                                                                                                                                                                                                            • DrawFocusRect.USER32(?,?), ref: 008B757D
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000011), ref: 008B758E
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 008B7596
                                                                                                                                                                                                                                                                                                                                                            • DrawTextW.USER32(?,008B70F5,000000FF,?,00000000), ref: 008B75A8
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 008B75BF
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 008B75CA
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 008B75D0
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 008B75D5
• SetTextColor.GDI32(?,?), ref: 008B75DB
• SetBkColor.GDI32(?,?), ref: 008B75E5
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: 685d5dd017dbb49fcb37230a9d697890646c6a2800f67f5a362c31a807d50580
• Instruction ID: c80ca0e09a4b504aac9fac5718f3c63cf3099445789af429a87dcf7a3222084d
• Opcode Fuzzy Hash: 685d5dd017dbb49fcb37230a9d697890646c6a2800f67f5a362c31a807d50580
• Instruction Fuzzy Hash: 4B615C72904218AFDF119FA8DC49EEEBFB9FB49320F114215F915BB2A1D7749940CBA0
APIs
• GetCursorPos.USER32(?), ref: 008B1128
• GetDesktopWindow.USER32 ref: 008B113D
• GetWindowRect.USER32(00000000), ref: 008B1144
• GetWindowLongW.USER32(?,000000F0), ref: 008B1199
• DestroyWindow.USER32(?), ref: 008B11B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008B11ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 008B120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 008B121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 008B1232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 008B1245
• IsWindowVisible.USER32(00000000), ref: 008B12A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008B12BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008B12D0
• GetWindowRect.USER32(00000000,?), ref: 008B12E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 008B130E
• GetMonitorInfoW.USER32(00000000,?), ref: 008B1328
• CopyRect.USER32(?,?), ref: 008B133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 008B13AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: 761fb0b1b1946b4b83a568a4973fd9ee23eca2f2f7b0e6899a0efaed170ea093
• Instruction ID: 4371d5f3e8250f0cf8e8e057ee67c5fa5d672450b1dc909e4923214a4ac84106
• Opcode Fuzzy Hash: 761fb0b1b1946b4b83a568a4973fd9ee23eca2f2f7b0e6899a0efaed170ea093
• Instruction Fuzzy Hash: EAB19E71604351AFDB10DF68C898BAABBE4FF88350F40891CF999DB261D771E845CB92
APIs
• CharUpperBuffW.USER32(?,?), ref: 008B02E5
• _wcslen.LIBCMT ref: 008B031F
• _wcslen.LIBCMT ref: 008B0389
• _wcslen.LIBCMT ref: 008B03F1
• _wcslen.LIBCMT ref: 008B0475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 008B04C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 008B0504
  • Part of subcall function 0083F9F2: _wcslen.LIBCMT ref: 0083F9FD
  • Part of subcall function 0088223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00882258
  • Part of subcall function 0088223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0088228A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: 8e3b07496623fb94559b4bc4c52d5036a34f9e25abcb8e8841a9f574a15ed05f
• Instruction ID: f30e3c9ea41b019998cca4ca9a893ae70aac8ee5d8b2de448b4f9e6ffef4bfec
• Opcode Fuzzy Hash: 8e3b07496623fb94559b4bc4c52d5036a34f9e25abcb8e8841a9f574a15ed05f
• Instruction Fuzzy Hash: A9E18D312083558BC724DF28D55096BB7E5FF99318B14455CF896EB3A2DB30ED45CB82
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00838968
• GetSystemMetrics.USER32(00000007), ref: 00838970
                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0083899B
                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 008389A3
                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 008389C8
                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008389E5
                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008389F5
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00838A28
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00838A3C
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00838A5A
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00838A76
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00838A81
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0083912D: GetCursorPos.USER32(?), ref: 00839141
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0083912D: ScreenToClient.USER32(00000000,?), ref: 0083915E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000001), ref: 00839183
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000002), ref: 0083919D
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,008390FC), ref: 00838AA8
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: aac56a2cff718a83173a6095c7b3f7da4e97a23b2e5fa36d520c5ad520208eb0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3c60753b8da929924323be31de87b0ad36320ac8e9991d176114a2ab0e27b94d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aac56a2cff718a83173a6095c7b3f7da4e97a23b2e5fa36d520c5ad520208eb0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3B13971A0020ADFDF14DFA8CD49BAA7BA5FB48354F108229FA15E7294DB74E850CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00881114
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881120
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 0088112F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881136
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0088114D
                                                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00880DF5
                                                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00880E29
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00880E40
                                                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00880E7A
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00880E96
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00880EAD
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00880EB5
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00880EBC
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00880EDD
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00880EE4
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00880F13
                                                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00880F35
                                                                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00880F47
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880F6E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880F75
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880F7E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880F85
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00880F8E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880F95
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00880FA1
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00880FA8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00881193: GetProcessHeap.KERNEL32(00000008,00880BB1,?,00000000,?,00880BB1,?), ref: 008811A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00881193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00880BB1,?), ref: 008811A8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00881193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00880BB1,?), ref: 008811B7
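Added example, not part of the Joe Sandbox report: a Python parser for the report's "APIs" bullet lines and a rule that flags the GetUserObjectSecurity / AddAce / SetUserObjectSecurity sequence listed above. That sequence reads the security descriptor of a window station or desktop, appends ACEs to its DACL and writes it back, which is the documented Win32 pattern for granting another account access to the interactive desktop before launching a process as that user. The sample lines are copied from this section; the constant names (DACL_SECURITY_INFORMATION, ACL_REVISION) are the Windows SDK values; the finding strings, `Call` dataclass and helper functions are my own choices.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the report's own "APIs" format: a subset of the
# calls listed for the DACL-editing function above, plus one line from the
# GUI-creation function (CreateWindowExW with the "AutoIt v3 GUI" class).
SAMPLE_APIS = """\
  • Part of subcall function 008810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00881114
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00880DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00880E29
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00880E96
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00880F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00880F47
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00838A28
"""

# One bullet per call: optional "Part of subcall function <addr>:" prefix,
# then Api.MODULE(args), ref: <call-site address>.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Win32 constants from the SDK headers, used to read the numeric arguments.
DACL_SECURITY_INFORMATION = 0x4   # SECURITY_INFORMATION bit for the DACL
ACL_REVISION = 2                  # AceRevision argument of AddAce


@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: int                 # call-site address shown after "ref:"
    subcall: Optional[int]   # callee address when the line is "Part of subcall function"


def parse_calls(text):
    """Parse the report's API bullet lines; unknown lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        calls.append(Call(api=m["api"], module=m["mod"],
                          args=[a.strip() for a in m["args"].split(",")],
                          ref=int(m["ref"], 16),
                          subcall=int(m["sub"], 16) if m["sub"] else None))
    return calls


def hexarg(args, i):
    """Numeric value of argument i, or None when the report shows '?'."""
    try:
        return int(args[i], 16)
    except (IndexError, ValueError):
        return None


def has_sequence(calls, names):
    """True if `names` occur in listing order (not necessarily adjacent)."""
    it = iter(c.api for c in calls)
    return all(any(api == name for api in it) for name in names)


def classify(calls):
    """Return human-readable findings for a parsed API list."""
    findings = []
    if has_sequence(calls, ("GetUserObjectSecurity", "AddAce", "SetUserObjectSecurity")):
        findings.append("rewrites DACL of a window station/desktop")
    for c in calls:
        if c.api in ("GetUserObjectSecurity", "SetUserObjectSecurity") \
                and hexarg(c.args, 1) == DACL_SECURITY_INFORMATION:
            findings.append(f"{c.api} at {c.ref:08X} targets the DACL (SECURITY_INFORMATION=4)")
        if c.api == "AddAce" and hexarg(c.args, 1) == ACL_REVISION:
            findings.append(f"AddAce at {c.ref:08X} appends an ACE (ACL_REVISION)")
        if c.api == "CreateWindowExW" and len(c.args) > 1 and c.args[1] == "AutoIt v3 GUI":
            findings.append("creates an AutoIt v3 GUI window")
    return findings


if __name__ == "__main__":
    for finding in classify(parse_calls(SAMPLE_APIS)):
        print(finding)
```

The subsequence check is deliberately loose (calls need not be adjacent) because the report interleaves heap and SID bookkeeping between the three security calls; paste any other function's "APIs" list into `SAMPLE_APIS` to triage it the same way.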
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 6571b1d54e5c3076ba6182b46db217bd795fca4c7973c1bc51a00e693167b964
• Instruction ID: 47c3ed3dd8f2d3341a687dfa9524cd0445198bfac27f5224965a67ebc48ff926
• Instruction Fuzzy Hash: 47715E7190420AABDF60AFA4DC48FAEBBB8FF05350F148215FA59E6191DB719909CF60

APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008AC4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,008BCC08,00000000,?,00000000,?,?), ref: 008AC544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 008AC5A4
• _wcslen.LIBCMT ref: 008AC5F4
• _wcslen.LIBCMT ref: 008AC66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 008AC6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 008AC7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 008AC84D
• RegCloseKey.ADVAPI32(?), ref: 008AC881
• RegCloseKey.ADVAPI32(00000000), ref: 008AC88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 008AC960
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: 7232bc39d5dc96d6ee3935708becd3a68f84fe41039d45916ddf814f027bcb2e
• Instruction ID: 217dcab8158d6ae91ecddbce245f8470dc6e44093aac99e4621e9ad3ca3290c9
• Instruction Fuzzy Hash: 011278356042119FDB14DF19D881A2AB7E5FF89714F04886CF89ADB7A2DB35EC41CB82

APIs
• CharUpperBuffW.USER32(?,?), ref: 008B09C6
• _wcslen.LIBCMT ref: 008B0A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 008B0A54
• _wcslen.LIBCMT ref: 008B0A8A
• _wcslen.LIBCMT ref: 008B0B06
• _wcslen.LIBCMT ref: 008B0B81
  • Part of subcall function 0083F9F2: _wcslen.LIBCMT ref: 0083F9FD
  • Part of subcall function 00882BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00882BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 540b59b8d1a490325614e90f419cf208fd7275235f3e3bd8f2fd5f62d0a72379
• Instruction ID: 372007cc91bfe2f6674a3e0db2338c3811b00633ed5547521934e11afb192905
• Instruction Fuzzy Hash: 32E168312083518FC714EF29C45096ABBE1FF99358B14895DF896EB3A2DB31ED45CB82

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
• Opcode ID: 7172912a2b4a9fb22247f9ca502a4857b0755248508e4b8e8eb0a305dcfd5428
• Instruction ID: b930ebf7adfac22819056f42f4db287908aec2c9c93ea5e154a798e8c5470e3d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7172912a2b4a9fb22247f9ca502a4857b0755248508e4b8e8eb0a305dcfd5428
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F71047260017A8BEB20DE7CCC416BA3791FB62764F150124F866DB694EA35DD86C3A1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008B835A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008B836E
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008B8391
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008B83B4
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008B83F2
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,008B5BF2), ref: 008B844E
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 008B8487
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008B84CA
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 008B8501
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 008B850D
                                                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 008B851D
                                                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,?,?,008B5BF2), ref: 008B852C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 008B8549
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 008B8555
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                            • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1bbf9f903b5af504b2616683eca62b30f2862d3c88fc23142b3cf51aeb7bc313
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d470b8a6e70f11fde956a4c7f0893289102f5176856fb012347db9a1bbe43ede
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bbf9f903b5af504b2616683eca62b30f2862d3c88fc23142b3cf51aeb7bc313
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC619D71540619FAEB24DF68DC81BFE7BACFB08B11F104609F815D62D1DB74A980DBA0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cbf526c79a6452fa7d848c3b4db5fb148f253780bc6eec393df8b7955b526a78
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a552580d651358feb62bc8fcb35d37cfda243ecef22123fc14bbe316d16d0474
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbf526c79a6452fa7d848c3b4db5fb148f253780bc6eec393df8b7955b526a78
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E81E871604229BFDB20AF65EC52FAE37A8FF55300F044025F905EA296EB74DA91C792
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(?,?), ref: 00893EF8
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00893F03
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00893F5A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00893F98
                                                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?), ref: 00893FD6
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0089401E
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00894059
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00894087
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: SendString_wcslen$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1839972693-4113822522
• Opcode ID: df4914379dd41307db845fd8ff4cd401376fe5ba087f3b1394ed0fbcfa0a33d8
• Instruction ID: c1de0daf5f5957bff0e2ecd00a2b54053e6f75812e53215b527bab133a34e446
• Opcode Fuzzy Hash: df4914379dd41307db845fd8ff4cd401376fe5ba087f3b1394ed0fbcfa0a33d8
• Instruction Fuzzy Hash: 7A71D2326042119FCB10EF28C88096AB7F4FFA5768F14492DF995D7251EB31ED4ACB92
APIs
• LoadIconW.USER32(00000063), ref: 00885A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00885A40
• SetWindowTextW.USER32(?,?), ref: 00885A57
• GetDlgItem.USER32(?,000003EA), ref: 00885A6C
• SetWindowTextW.USER32(00000000,?), ref: 00885A72
• GetDlgItem.USER32(?,000003E9), ref: 00885A82
• SetWindowTextW.USER32(00000000,?), ref: 00885A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00885AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00885AC3
• GetWindowRect.USER32(?,?), ref: 00885ACC
• _wcslen.LIBCMT ref: 00885B33
• SetWindowTextW.USER32(?,?), ref: 00885B6F
• GetDesktopWindow.USER32 ref: 00885B75
• GetWindowRect.USER32(00000000), ref: 00885B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00885BD3
• GetClientRect.USER32(?,?), ref: 00885BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00885C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00885C2F
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
• Opcode ID: 31e48a402912ec5e4bfd4b099de07462d1567aafe14a97143365035b442fb64f
• Instruction ID: b975a944554a171d4eb05ad739750de09c4b4ddd24c8ef03257936ab651b85df
• Opcode Fuzzy Hash: 31e48a402912ec5e4bfd4b099de07462d1567aafe14a97143365035b442fb64f
• Instruction Fuzzy Hash: 67716E31900B09AFDB20EFA8CE85EAEBBF5FF58714F104618E582E65A0D775E944CB50
APIs
• LoadCursorW.USER32(00000000,00007F89), ref: 0089FE27
• LoadCursorW.USER32(00000000,00007F8A), ref: 0089FE32
• LoadCursorW.USER32(00000000,00007F00), ref: 0089FE3D
• LoadCursorW.USER32(00000000,00007F03), ref: 0089FE48
• LoadCursorW.USER32(00000000,00007F8B), ref: 0089FE53
• LoadCursorW.USER32(00000000,00007F01), ref: 0089FE5E
• LoadCursorW.USER32(00000000,00007F81), ref: 0089FE69
• LoadCursorW.USER32(00000000,00007F88), ref: 0089FE74
• LoadCursorW.USER32(00000000,00007F80), ref: 0089FE7F
• LoadCursorW.USER32(00000000,00007F86), ref: 0089FE8A
• LoadCursorW.USER32(00000000,00007F83), ref: 0089FE95
• LoadCursorW.USER32(00000000,00007F85), ref: 0089FEA0
• LoadCursorW.USER32(00000000,00007F82), ref: 0089FEAB
• LoadCursorW.USER32(00000000,00007F84), ref: 0089FEB6
• LoadCursorW.USER32(00000000,00007F04), ref: 0089FEC1
• LoadCursorW.USER32(00000000,00007F02), ref: 0089FECC
• GetCursorInfo.USER32(?), ref: 0089FEDC
• GetLastError.KERNEL32 ref: 0089FF1E
Similarity
• API ID: Cursor$Load$ErrorInfoLast
• String ID:
• API String ID: 3215588206-0
• Opcode ID: 65decfafd553fdb2149d3fd0ac3d2c23f9400405415b46ea53c38af19a7e8f06
• Instruction ID: 85d677c20620c01c7382e1104b8b363ad167c3eb109a3525aeac141fcdc1cffc
• Opcode Fuzzy Hash: 65decfafd553fdb2149d3fd0ac3d2c23f9400405415b46ea53c38af19a7e8f06
• Instruction Fuzzy Hash: EF4144B0D443196ADB10DFBA8C8985EBFE8FF04754B54452AF11DE7281DB789901CE91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008400C6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008400ED: InitializeCriticalSectionAndSpinCount.KERNEL32(008F070C,00000FA0,0672D3BE,?,?,?,?,008623B3,000000FF), ref: 0084011C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008400ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008623B3,000000FF), ref: 00840127
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008400ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008623B3,000000FF), ref: 00840138
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008400ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0084014E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008400ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0084015C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008400ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0084016A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00840195
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008401A0
                                                                                                                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 008400E7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008400A3: __onexit.LIBCMT ref: 008400A9
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00840122
                                                                                                                                                                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00840154
                                                                                                                                                                                                                                                                                                                                                            • InitializeConditionVariable, xrefs: 00840148
                                                                                                                                                                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00840162
                                                                                                                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 00840133
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5b88fa48070d0b560962a3f4cd85c14d51d054ab033ec0c98aafc074c3e23b40
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e9ff88985b9e71ec2c17fae6b322d3a94541e2b4653fc1466cdab484c8095310
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b88fa48070d0b560962a3f4cd85c14d51d054ab033ec0c98aafc074c3e23b40
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6021F932A447186FD7106B78AC45B6B37D8FB44B51F040639FB11E6393DB7898008EA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 888508e003491c5539d1ddaa371dd190424a0e2e64f8283781e255a55c758128
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ec6935ed2f3a57fbd0a3f87d07969f55b38f12d450ff15b83784883508782707
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 888508e003491c5539d1ddaa371dd190424a0e2e64f8283781e255a55c758128
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DE1E631A0052AABCB18EFA8C4517EEBBB0FF54B14F548129E456F7240DB70AF858790
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(00000000,00000000,008BCC08), ref: 00894527
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0089453B
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00894599
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008945F4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0089463F
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008946A7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0083F9F2: _wcslen.LIBCMT ref: 0083F9FD
                                                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,008E6BF0,00000061), ref: 00894743
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: 079027668007a583b25529f7075c169777fd312c2931a535943c60ab34967418
• Instruction ID: b0e1aeea75d2da7f2cb62a8f9f86ae9ea9e0f1789139cdd22a49db5c3f94c6ba
• Opcode Fuzzy Hash: 079027668007a583b25529f7075c169777fd312c2931a535943c60ab34967418
• Instruction Fuzzy Hash: C8B122716083029FCB10EF28C890E6AB7E5FFA5764F18591CF496C7291E730D886CB92
APIs
• DestroyWindow.USER32(00000000,?), ref: 008B6DEB
  • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 008B6E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 008B6E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 008B6E94
• DestroyWindow.USER32(?), ref: 008B6EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00820000,00000000), ref: 008B6EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 008B6EFD
• GetDesktopWindow.USER32 ref: 008B6F16
• GetWindowRect.USER32(00000000), ref: 008B6F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 008B6F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 008B6F4D
  • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$pJ$tooltips_class32
• API String ID: 2429346358-3346448661
• Opcode ID: 5c908e60ee56db38296b7cd67abb62807e60484429db0af0479bafc4abf2b0be
• Instruction ID: 4243e86b87fe9d0374ae784c242b4c81d9381f4d5f355739296737a475e80b91
• Opcode Fuzzy Hash: 5c908e60ee56db38296b7cd67abb62807e60484429db0af0479bafc4abf2b0be
• Instruction Fuzzy Hash: 5A717571604244AFDB20CF28D848EBABBE9FB99304F54051DF989C7360EB74E915CB12
APIs
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
• DragQueryPoint.SHELL32(?,?), ref: 008B9147
  • Part of subcall function 008B7674: ClientToScreen.USER32(?,?), ref: 008B769A
  • Part of subcall function 008B7674: GetWindowRect.USER32(?,?), ref: 008B7710
  • Part of subcall function 008B7674: PtInRect.USER32(?,?,008B8B89), ref: 008B7720
• SendMessageW.USER32(?,000000B0,?,?), ref: 008B91B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008B91BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008B91DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 008B9225
• SendMessageW.USER32(?,000000B0,?,?), ref: 008B923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 008B9255
• SendMessageW.USER32(?,000000B1,?,?), ref: 008B9277
• DragFinish.SHELL32(?), ref: 008B927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 008B9371
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$pJ
• API String ID: 221274066-1309245214
• Opcode ID: ee727764eb3a60173023def158e11665e10a40add2467ccedd0168e6985cec10
• Instruction ID: 882b07c7f91c6c80dbae6145a078486756178aa71cc5a1735179e0997911e313
• Opcode Fuzzy Hash: ee727764eb3a60173023def158e11665e10a40add2467ccedd0168e6985cec10
• Instruction Fuzzy Hash: 6D614971108305AFD701DF64D885DABBBE8FF99750F000A2DF695922A1DB709A49CB62
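The function listings above are easier to triage when the raw `SendMessageW` message numbers are decoded and each block is tagged by the API combination it uses (0x0433 and 0x0432 with `tooltips_class32` are TTM_DELTOOLW/TTM_ADDTOOLW on a tooltip control; 0x00C2 after `DragQueryFileW` is EM_REPLACESEL writing a dropped path into an edit control; `LoadLibraryA` plus `GetProcAddress` is the report's own "dynamically determine API calls" behaviour). The script below is an added example and not Joe Sandbox code: it parses the `• API.MODULE(args), ref: ADDR` line format as it appears on this page, decodes the Win32 message constants, and applies a few hand-written rules whose names are my own labels; the sample blocks are lines copied from the listings above.

```python
"""Tag Joe Sandbox 'APIs' function listings by the Win32 calls they make.

Added example for this report; not Joe Sandbox code. The line format is
inferred from the listings on the page, the sample lines below are copied
from them, and the rule names are my own (hypothetical) labels.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One 'APIs' line, with or without an argument list or a subcall prefix:
#   • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 008B6E81
#     • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Win32 message values for the SendMessageW/DefDlgProcW calls on the page.
WM_USER = 0x0400
MESSAGES = {
    0x00B0: "EM_GETSEL", 0x00B1: "EM_SETSEL", 0x00C2: "EM_REPLACESEL",
    0x0233: "WM_DROPFILES",
    WM_USER + 24: "TTM_SETMAXTIPWIDTH", WM_USER + 33: "TTM_SETTITLEW",
    WM_USER + 50: "TTM_ADDTOOLW", WM_USER + 51: "TTM_DELTOOLW",
}


@dataclass
class Call:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall: Optional[str]  # callee address when the line is 'Part of subcall function'

    def message(self) -> Optional[str]:
        """Name of the window message (2nd argument) for message-passing APIs."""
        if self.api not in ("SendMessageW", "DefDlgProcW") or len(self.args) < 2:
            return None
        try:
            value = int(self.args[1], 16)
        except ValueError:  # '?' means the sandbox could not recover the argument
            return None
        return MESSAGES.get(value, "0x%04X" % value)


def parse_block(text: str) -> List[Call]:
    """Turn the lines of one 'APIs' block into Call records; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        calls.append(Call(m.group("api"), m.group("module"), args, m.group("ref"), m.group("sub")))
    return calls


def tag_block(calls: List[Call]) -> List[str]:
    """Apply a few hand-written rules (my own labels, not Joe Sandbox signatures)."""
    apis = {c.api for c in calls}
    msgs = {c.message() for c in calls}
    tags = []
    if any(c.api == "CreateWindowExW" and "tooltips_class32" in c.args for c in calls):
        tags.append("tooltip-window")           # creates a tooltip control
    if {"DragQueryFileW", "DragFinish"} <= apis and "EM_REPLACESEL" in msgs:
        tags.append("drop-file-to-edit")        # dropped path written into an edit control
    if apis & {"LoadLibraryA", "LoadLibraryW"} and "GetProcAddress" in apis:
        tags.append("dynamic-api-resolution")   # the report's 'dynamically determine API calls'
    if "QueryPathOfRegTypeLib" in apis:
        tags.append("com-typelib-lookup")
    return tags


# Sample input: 'APIs' lines copied from this report's function listings.
TOOLTIP_BLOCK = """
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 008B6E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 008B6E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 008B6E94
• GetDesktopWindow.USER32 ref: 008B6F16
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 008B6F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 008B6F4D
  • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
"""
DROP_BLOCK = """
• DragQueryPoint.SHELL32(?,?), ref: 008B9147
• SendMessageW.USER32(?,000000B0,?,?), ref: 008B91B0
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008B91DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 008B9225
• DragFinish.SHELL32(?), ref: 008B927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 008B9371
"""
COM_BLOCK = """
• LoadLibraryA.KERNEL32(kernel32.dll,?,008BCC08), ref: 008A40BB
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 008A40CD
• QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 008A42C8
"""


def analyze(text: str) -> Dict[str, object]:
    """Parse one block and return its call count, decoded messages and tags."""
    calls = parse_block(text)
    return {
        "calls": len(calls),
        "messages": [m for m in (c.message() for c in calls) if m],
        "tags": tag_block(calls),
    }


if __name__ == "__main__":
    for name, block in (("tooltip", TOOLTIP_BLOCK), ("drop", DROP_BLOCK), ("com", COM_BLOCK)):
        print(name, analyze(block))
```

The rules only tag what the listed imports and message numbers show; they say nothing about whether the behaviour is malicious, since a benign AutoIt GUI would produce the same tooltip and drop-handler blocks. Extend `MESSAGES` with further WM_/TTM_/EM_ values as other blocks in the report need them.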
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,008BCC08), ref: 008A40BB
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 008A40CD
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,008BCC08), ref: 008A40F2
• FreeLibrary.KERNEL32(00000000,?,008BCC08), ref: 008A413E
• StringFromGUID2.OLE32(?,?,00000028,?,008BCC08), ref: 008A41A8
• SysFreeString.OLEAUT32(00000009), ref: 008A4262
• QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 008A42C8
• SysFreeString.OLEAUT32(?), ref: 008A42F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 354098117-199464113
APIs
• GetMenuItemCount.USER32(008F1990), ref: 00862F8D
• GetMenuItemCount.USER32(008F1990), ref: 0086303D
• GetCursorPos.USER32(?), ref: 00863081
• SetForegroundWindow.USER32(00000000), ref: 0086308A
• TrackPopupMenuEx.USER32(008F1990,00000000,?,00000000,00000000,00000000), ref: 0086309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008630A9
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
APIs
  • Part of subcall function 00838F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00838BE8,?,00000000,?,?,?,?,00838BBA,00000000,?), ref: 00838FC5
• DestroyWindow.USER32(?), ref: 00838C81
• KillTimer.USER32(00000000,?,?,?,?,00838BBA,00000000,?), ref: 00838D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00876973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00838BBA,00000000,?), ref: 008769A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00838BBA,00000000,?), ref: 008769B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00838BBA,00000000), ref: 008769D4
• DeleteObject.GDI32(00000000), ref: 008769E6
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID: pJ
• API String ID: 641708696-3211412816
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0089C4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0089C4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0089C4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0089C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0089C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0089C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0089C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0089C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0089C5DC
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0089C5F0
                                                                                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0089C5FB
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9b39e60eb03b45ef0bb432e5e3b4f3f512c576fc48c6ee02d4a11269c5563832
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b9b0d112cd42726212ff6e5d88bf696f3729ef6a9e9e2614ace195a0aa8da9de
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b39e60eb03b45ef0bb432e5e3b4f3f512c576fc48c6ee02d4a11269c5563832
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A516CB0600208BFEF21AF65C988AAB7BFCFF08744F044519F946D6610DB72E944DBA1
APIs
  • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
• GetSysColor.USER32(0000000F), ref: 00839862
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ColorLongWindow
• String ID: pJ
• API String ID: 259745315-3211412816
• Opcode ID: f84130315686f8de48a41e6d8dd747d986cce969a1c92b8c057628c3f6fc9c18
• Instruction ID: d91b4e59a9ae4f94b961b525e85656a6be97455cbe685cb15a1e3e9f47441b3d
• Opcode Fuzzy Hash: f84130315686f8de48a41e6d8dd747d986cce969a1c92b8c057628c3f6fc9c18
• Instruction Fuzzy Hash: BD41AF31104644AFDB205F389C88BBA7BA5FB86330F144665F9E2D72E1C7B19841DB60
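The two "APIs" listings above follow a fixed one-line-per-call layout, which makes them easy to ingest for triage without re-running the sandbox. The following Python is an added example, not Joe Sandbox code or part of this report: it parses that layout into structured calls, names the argument constants that matter here (INTERNET_OPTION_SECURITY_FLAGS = 0x1F, HTTP_QUERY_CONTENT_LENGTH = 5, COLOR_BTNFACE = 0xF, values from the Windows SDK headers), rebuilds the report's "API ID" similarity key, and flags the query-then-set of INTERNET_OPTION_SECURITY_FLAGS visible in the WinINet function. The token stop list used for the API ID is inferred by matching the IDs printed on this page and is an assumption, not a documented Joe Sandbox rule. The sample input is the two listings above, constructed inline.

```python
from __future__ import annotations
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# One report line per call: "• Name.MODULE(arg,...), ref: ADDR", optionally
# prefixed with "Part of subcall function ADDR:".
_LINE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

# Argument values worth naming, keyed by (API, zero-based argument index).
# Values are the Windows SDK definitions (wininet.h, winuser.h).
KNOWN = {
    ("InternetQueryOptionW", 1): {0x1F: "INTERNET_OPTION_SECURITY_FLAGS"},
    ("InternetSetOptionW", 1): {0x1F: "INTERNET_OPTION_SECURITY_FLAGS"},
    ("HttpQueryInfoW", 1): {0x05: "HTTP_QUERY_CONTENT_LENGTH"},
    ("GetSysColor", 0): {0x0F: "COLOR_BTNFACE"},
}
# CamelCase tokens dropped from the similarity key. ASSUMPTION: inferred by
# matching the API IDs printed in this report, not a documented Joe Sandbox rule.
_STOP = {"Get", "Set", "Ole", "On", "H", "Sys", "W", "A"}

@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]        # raw report values; "?" = not statically resolved
    ref: int               # address of the call instruction
    subcall_of: int | None # set when the line came from a subcall function
    notes: list[str] = field(default_factory=list)

def _hex(args: list[str], i: int) -> int | None:
    try:
        return int(args[i], 16)
    except (IndexError, ValueError):
        return None

def parse_api_block(text: str) -> list[ApiCall]:
    """Turn one 'APIs' listing into ApiCall records, annotating known constants."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"].strip() else []
        call = ApiCall(m["api"], m["mod"], args, int(m["ref"], 16),
                       int(m["sub"], 16) if m["sub"] else None)
        for i in range(len(args)):
            name = KNOWN.get((call.api, i), {}).get(_hex(args, i))
            if name:
                call.notes.append(f"arg{i}={args[i]} {name}")
        calls.append(call)
    return calls

def api_id(calls: list[ApiCall]) -> str:
    """Similarity key in the report's 'API ID' style: CamelCase tokens grouped by
    frequency (descending), alphabetical within a group, groups joined with '$'."""
    counts = Counter(t for c in calls for t in re.findall(r"[A-Z][a-z]*", c.api)
                     if t not in _STOP)
    groups = defaultdict(list)
    for tok, n in counts.items():
        groups[n].append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))

def touches_security_flags(calls: list[ApiCall]) -> bool:
    """True when a function reads INTERNET_OPTION_SECURITY_FLAGS and later writes
    it back: the read-modify-write idiom used to OR in SECURITY_FLAG_IGNORE_* bits.
    The listing only shows the option being set, not which bits are written."""
    queried = False
    for c in calls:
        if c.api == "InternetQueryOptionW" and _hex(c.args, 1) == 0x1F:
            queried = True
        elif c.api == "InternetSetOptionW" and _hex(c.args, 1) == 0x1F and queried:
            return True
    return False

# Constructed input: the two listings above, copied as printed (bullets and
# stack-residue arguments included).
WININET_BLOCK = """
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0089C4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0089C4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0089C4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0089C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0089C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0089C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0089C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0089C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0089C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0089C5F0
• InternetCloseHandle.WININET(00000000), ref: 0089C5FB
"""
GUI_BLOCK = """
• Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
• GetSysColor.USER32(0000000F), ref: 00839862
"""
```

Two caveats when reading the WinINet function through this lens. First, the third argument of InternetSetOptionW is a pointer to the flags DWORD, so the `00000100` the report prints is not necessarily the flag value written; the listing establishes that INTERNET_OPTION_SECURITY_FLAGS is read and rewritten around the request, nothing more. Second, the sample is a compiled AutoIt script, and AutoIt's runtime ships its own InetGet implementation (whose option 2 ignores SSL errors), so this routine may be runtime code that the embedded script never calls; confirming use needs the decompiled script or the dynamic network section of the report, not the static API listing alone.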
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 008B8592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85BA
• GlobalLock.KERNEL32(00000000), ref: 008B85C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85D7
• GlobalUnlock.KERNEL32(00000000), ref: 008B85E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008B85F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,008BFC38,?), ref: 008B8611
• GlobalFree.KERNEL32(00000000), ref: 008B8621
• GetObjectW.GDI32(?,00000018,?), ref: 008B8641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 008B8671
• DeleteObject.GDI32(?), ref: 008B8699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008B86AF
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: 20bc583f0b41de7e9b86db23167736cd5bbe1b8d3bb852dc5fe590e2257203e0
• Instruction ID: 1d5daf5a1d4363b395712d3595b26e8648db67902bee1c67c4a48b2d2de7ce63
• Opcode Fuzzy Hash: 20bc583f0b41de7e9b86db23167736cd5bbe1b8d3bb852dc5fe590e2257203e0
• Instruction Fuzzy Hash: 6D410975600209EFDB119FA5CC48EAA7BBCFF99715F104159F919E7260DB309901CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 00891502
                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0089150B
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00891517
                                                                                                                                                                                                                                                                                                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008915FB
                                                                                                                                                                                                                                                                                                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 00891657
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00891708
                                                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 0089178C
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 008917D8
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 008917E7
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 00891823
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                                                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 021566f5e088ccc29dd533431545b4d3c972a3b47c18d89634886a74127a0327
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9e919926a52ccd943bcdb2de52db65956d8fa1142b013d0ace2d4548d3b57a9c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 021566f5e088ccc29dd533431545b4d3c972a3b47c18d89634886a74127a0327
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AFD1E131A0811AEBDF00AF69D889B79B7B5FF44704F1A8056F446EB291DB30DD41DBA2
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 008AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008AB6AE,?,?), ref: 008AC9B5
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008AC9F1
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA68
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008AB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008AB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 008AB80A
• RegCloseKey.ADVAPI32(?), ref: 008AB87E
• RegCloseKey.ADVAPI32(?), ref: 008AB89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 008AB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 008AB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 008AB922
• FreeLibrary.KERNEL32(00000000), ref: 008AB983
• RegCloseKey.ADVAPI32(00000000), ref: 008AB994

Strings

Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd

Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: 4a1d3ffe827af83942b1744e688e41e5ace7d63c449fefc858189759cb818979
• Instruction ID: 74658c3b57d3efcd053595631b454b49224004d3b49e35da172b559c92fcf38f
• Opcode Fuzzy Hash: 4a1d3ffe827af83942b1744e688e41e5ace7d63c449fefc858189759cb818979
• Instruction Fuzzy Hash: 00C17D30204241AFE714DF18C494F2ABBE5FF85318F18855CF49A8B6A2DB75ED85CB92
APIs
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008B8D5A
• GetFocus.USER32 ref: 008B8D6A
• GetDlgCtrlID.USER32(00000000), ref: 008B8D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 008B8E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 008B8ECF
• GetMenuItemCount.USER32(?), ref: 008B8EEC
• GetMenuItemID.USER32(?,00000000), ref: 008B8EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 008B8F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 008B8F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 008B8FA1

Strings

Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$pJ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1026556194-3497692993
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 008B5504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008B5515
• CharNextW.USER32(00000158), ref: 008B5544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 008B5585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 008B559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008B55AC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID: pJ
• API String ID: 1350042424-3211412816
APIs
• GetDC.USER32(00000000), ref: 008A25D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008A25E8
• CreateCompatibleDC.GDI32(?), ref: 008A25F4
• SelectObject.GDI32(00000000,?), ref: 008A2601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 008A266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008A26AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008A26D0
• SelectObject.GDI32(?,?), ref: 008A26D8
• DeleteObject.GDI32(?), ref: 008A26E1
• DeleteDC.GDI32(?), ref: 008A26E8
• ReleaseDC.USER32(00000000,?), ref: 008A26F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
APIs
• ___free_lconv_mon.LIBCMT ref: 0085DAA1
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D659
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D66B
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D67D
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D68F
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6A1
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6B3
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6C5
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6D7
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6E9
  • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D6FB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D70D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D71F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0085D63C: _free.LIBCMT ref: 0085D731
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DA96
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DAB8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DACD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DAD8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DAFA
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DB0D
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DB1B
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DB26
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DB5E
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DB65
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DB82
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085DB9A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fe5c2065ee3ebae3ac6d47f5cd47bdae3af7281c3fc528eb5de6cfccf7fd262a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3ea79b260e6c07ce6985714f27925c397bdbd5ec0b29806bba12cfac4f2621c0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe5c2065ee3ebae3ac6d47f5cd47bdae3af7281c3fc528eb5de6cfccf7fd262a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44314D316047059FEB32AA39E845F967BE9FF01322F554419EC49E7291DF31AC48C722
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 0088369C
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008836A7
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00883797
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 0088380C
                                                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 0088385D
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00883882
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 008838A0
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000), ref: 008838A7
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00883921
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 0088395D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2c6b042df18f8c07d307d9924c054a7126b595b3be7280f03945331fd9b9aa41
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ee78a1b62c4cb6a1e0348f31af1a71819e8d16c8bed38a1a023fad3813093c28
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c6b042df18f8c07d307d9924c054a7126b595b3be7280f03945331fd9b9aa41
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1491D571204706AFD719EF24C885FAAFBE8FF45750F008629F999C2191EB30EA45CB91
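The per-function "APIs" bullets above (direct calls, calls nested under "Part of subcall function", argument lists with `?` for unresolved values, and the `ref:` call-site address) are easier to triage, count and diff across samples as structured records than as report text. The following parser is an added example and is not part of this report or of Joe Sandbox's tooling; its line grammar is inferred only from the lines visible on this page, and the sample input is constructed from them.

```python
"""Parse Joe Sandbox "APIs" bullet lines into structured records.

Added example, not part of the report or of Joe Sandbox's own tooling.
The grammar is inferred from the lines visible on the report page:
  • API.MODULE(arg,arg,...), ref: ADDR
  • API.MODULE ref: ADDR                        (no argument list, e.g. CRT calls)
  • Part of subcall function PARENT: API.MODULE(...), ref: ADDR
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

_LINE_RE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<parent>[0-9A-Fa-f]+):\s*)?
        (?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)
        (?:\((?P<args>[^)]*)\))?
        ,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)


@dataclass
class ApiRef:
    api: str                       # e.g. "GetClassNameW"
    module: str                    # e.g. "USER32", "LIBCMT", "NTDLL"
    ref: int                       # call-site address
    args: List[Optional[int]] = field(default_factory=list)  # None where the report shows "?"
    parent: Optional[int] = None   # set for "Part of subcall function" lines


def parse_args(raw: Optional[str]) -> List[Optional[int]]:
    """Turn '?,?,00000400' into [None, None, 0x400]; no parens means no args."""
    if raw is None or raw.strip() == "":
        return []
    out = []
    for a in raw.split(","):
        a = a.strip()
        out.append(None if a == "?" else int(a, 16))
    return out


def parse_api_line(line: str) -> Optional[ApiRef]:
    """Return an ApiRef for one bullet line, or None for headers and other text."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    return ApiRef(
        api=m["api"],
        module=m["module"],
        ref=int(m["ref"], 16),
        args=parse_args(m["args"]),
        parent=int(m["parent"], 16) if m["parent"] else None,
    )


def parse_report_lines(lines) -> List[ApiRef]:
    """Parse every matching line; headers such as 'APIs' and 'Strings' are skipped."""
    return [r for r in (parse_api_line(l) for l in lines) if r is not None]


def calls_by_module(records: List[ApiRef], direct_only: bool = True) -> dict:
    """Count call sites per module; direct_only drops the nested subcall lines."""
    return dict(Counter(r.module for r in records
                        if not (direct_only and r.parent is not None)))


def api_set(records: List[ApiRef]) -> List[str]:
    """Sorted distinct names of the function's own (non-subcall) API calls."""
    return sorted({r.api for r in records if r.parent is None})


# Constructed sample: a few bullets copied from this report's second function block,
# plus one nested subcall line of the same shape as the report's RtlFreeHeap entry.
SAMPLE = """
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00884994
• GetWindowTextW.USER32(?,?,00000400), ref: 008849DA
• _wcslen.LIBCMT ref: 008849EB
• CharUpperBuffW.USER32(?,00000000), ref: 008849F7
• _wcsstr.LIBVCRUNTIME ref: 00884A2C
• Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1), ref: 008529F0
Strings
""".strip().splitlines()


if __name__ == "__main__":
    recs = parse_report_lines(SAMPLE)
    for r in recs:
        print(f"{r.ref:08X} {r.module}!{r.api} args={r.args} parent={r.parent}")
    print("direct calls per module:", calls_by_module(recs))
    print("distinct APIs:", api_set(recs))
```

Feed it the bullet lines of one function block at a time (split the report on the `APIs` header) to get a per-function record set; `api_set` then gives a stable key for comparing the same function across reports of related samples, independent of the addresses in `ref:`.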
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00884994
• GetWindowTextW.USER32(?,?,00000400), ref: 008849DA
• _wcslen.LIBCMT ref: 008849EB
• CharUpperBuffW.USER32(?,00000000), ref: 008849F7
• _wcsstr.LIBVCRUNTIME ref: 00884A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00884A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00884A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00884AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00884B20
• GetWindowRect.USER32(?,?), ref: 00884B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                            • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b65e37d36327e7e16f456498640e9f3ec233c07f061185b2dcc430e1d496747f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e46815ce231884afa7c6bc5a18cba61ade972d7dcaf87614c303f0ad92aaada7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b65e37d36327e7e16f456498640e9f3ec233c07f061185b2dcc430e1d496747f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1791E27200420A9FDB04EF54C981FAA77E9FF44314F04946AFD85DA096EB34ED45CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(008F1990,000000FF,00000000,00000030), ref: 0088BFAC
                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(008F1990,00000004,00000000,00000030), ref: 0088BFE1
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 0088BFF3
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 0088C039
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 0088C056
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 0088C082
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 0088C0C9
                                                                                                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0088C10F
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0088C124
                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0088C145
                                                                                                                                                                                                                                                                                                                                                            Strings
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: 5583110c3b873d7d97b9b88142cca65d3154463a606ed514863d0b90040dc396
• Instruction ID: 8e4e2b87daf91e047b5ddf2833ecca6eca76b4e3bd6cbe5edd791c0c25bf62b8
• Opcode Fuzzy Hash: 5583110c3b873d7d97b9b88142cca65d3154463a606ed514863d0b90040dc396
• Instruction Fuzzy Hash: 90618CB090024AEFDF21EF68DC88EAEBBA8FB45344F100115E911E3292DB35AD04CB71
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 008B3A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 008B3AA0
• GetWindowLongW.USER32(?,000000F0), ref: 008B3AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 008B3AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 008B3B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 008B3BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 008B3BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 008B3BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 008B3BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 008B3C13
Strings
Similarity
• API ID: MessageSend$LongWindow
• String ID: pJ
• API String ID: 312131281-3211412816
• Opcode ID: f88f7599315452405055fec4c13e17a186312eeaebcec06bcf34c4ff881029a7
• Instruction ID: 4436176f4ee81378005c51b72af9014a1bc8daaaab1df2d7cf740b062f856451
• Opcode Fuzzy Hash: f88f7599315452405055fec4c13e17a186312eeaebcec06bcf34c4ff881029a7
• Instruction Fuzzy Hash: 2E616875A00248AFDB11DFA8CC85EEE7BB8FB09714F100199FA15E73A1C770AA45DB60
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 0088DC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0088DC46
• _wcslen.LIBCMT ref: 0088DC50
• _wcsstr.LIBVCRUNTIME ref: 0088DCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0088DCBC
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d17479e72c7612667a440462238e5f215a3e4607e5a114d2722fa05d4a873812
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ab599db7aae582dc4b9ba73ea3edb20154b6d063e91af39bcb63b7deb34f5e76
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d17479e72c7612667a440462238e5f215a3e4607e5a114d2722fa05d4a873812
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A141E0329403197BDB20B66ADC47EBF776CFF52760F10006AF904E6283EA64990197A6
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 008ACC64
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 008ACC8D
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 008ACD48
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008ACC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 008ACCAA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008ACC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 008ACCBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008ACC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 008ACCCF
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008ACC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 008ACD05
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008ACC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 008ACD28
                                                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 008ACCF3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bf8d49b810837472354f64ab388034f5493d0344c58de04d7e192c1e6d1c4a11
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8ecb441910474e85251d9512b487c105aa74510a8d1ff2803ee300b32d83d99e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf8d49b810837472354f64ab388034f5493d0344c58de04d7e192c1e6d1c4a11
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5318D71901128BBEB209B95DC88EFFBB7CFF16750F000165F916E2240DB749A46DAB0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00893D40
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00893D6D
                                                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00893D9D
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00893DBE
                                                                                                                                                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00893DCE
                                                                                                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00893E55
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00893E60
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00893E6B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9e08bc0357ff0d3d8f2424ea4ad20bab93a4ca007d010035f29b771f1655669a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 747a05c64eaad838ce8c21ffcb58e6e4391d8edfa9efba1ec1392e56a1f07788
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e08bc0357ff0d3d8f2424ea4ad20bab93a4ca007d010035f29b771f1655669a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2031AD7290420AABDB20ABA4DC48FAF37BCFF88700F1441B5F619D6160EB7497448B24
APIs
• timeGetTime.WINMM ref: 0088E6B4
  • Part of subcall function 0083E551: timeGetTime.WINMM(?,?,0088E6D4), ref: 0083E555
• Sleep.KERNEL32(0000000A), ref: 0088E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0088E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0088E727
• SetActiveWindow.USER32 ref: 0088E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0088E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0088E773
• Sleep.KERNEL32(000000FA), ref: 0088E77E
• IsWindow.USER32 ref: 0088E78A
• EndDialog.USER32(00000000), ref: 0088E79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0088EA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0088EA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0088EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0088EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0088EAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
APIs
• GetKeyboardState.USER32(?), ref: 0088A012
• SetKeyboardState.USER32(?), ref: 0088A07D
• GetAsyncKeyState.USER32(000000A0), ref: 0088A09D
• GetKeyState.USER32(000000A0), ref: 0088A0B4
• GetAsyncKeyState.USER32(000000A1), ref: 0088A0E3
• GetKeyState.USER32(000000A1), ref: 0088A0F4
• GetAsyncKeyState.USER32(00000011), ref: 0088A120
• GetKeyState.USER32(00000011), ref: 0088A12E
• GetAsyncKeyState.USER32(00000012), ref: 0088A157
• GetKeyState.USER32(00000012), ref: 0088A165
• GetAsyncKeyState.USER32(0000005B), ref: 0088A18E
• GetKeyState.USER32(0000005B), ref: 0088A19C
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4d2cb6ee2d2b838f769e47e45954a1a58bee98f62d287e72ddfbd307d9953587
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: da7f7e511fda92a2348d3e3a44ccfa840248bd0cbe462b87fea7cbb0a6c977aa
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d2cb6ee2d2b838f769e47e45954a1a58bee98f62d287e72ddfbd307d9953587
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8851B62490478869FB39FB6488157AABFB4EF12380F08459AD5C2D61C3EA54AA4CC763
APIs
• GetDlgItem.USER32(?,00000001), ref: 00885CE2
• GetWindowRect.USER32(00000000,?), ref: 00885CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00885D59
• GetDlgItem.USER32(?,00000002), ref: 00885D69
• GetWindowRect.USER32(00000000,?), ref: 00885D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00885DCF
• GetDlgItem.USER32(?,000003E9), ref: 00885DDD
• GetWindowRect.USER32(00000000,?), ref: 00885DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00885E31
• GetDlgItem.USER32(?,000003EA), ref: 00885E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00885E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00885E67
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 24e3af680dcff2a49788863b2e859553d8aac73d2511782c0976d53ba6513862
• Instruction ID: b6689d463180b4dd77c4ed20852612658544928e318f140f4c92780ed78d3b39
• Opcode Fuzzy Hash: 24e3af680dcff2a49788863b2e859553d8aac73d2511782c0976d53ba6513862
• Instruction Fuzzy Hash: BD510E71B00609AFDF18DF68DD89AAEBBB5FB58301F148229F915E7290D770AE04CB50
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 008B5186
• ShowWindow.USER32(?,00000000), ref: 008B51C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 008B51CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 008B51D1
  • Part of subcall function 008B6FBA: DeleteObject.GDI32(00000000), ref: 008B6FE6
• GetWindowLongW.USER32(?,000000F0), ref: 008B520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 008B521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 008B524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 008B5287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 008B5296
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID: pJ
• API String ID: 3210457359-3211412816
• Opcode ID: ec8b32beef04908634b839624768a2a60ee0727b19f5d53fc73f15d4e3b24a4b
• Instruction ID: 6911074f89132d3b21e9e7ae3e798bed283bb904478d7d884c4678c034fb0812
• Opcode Fuzzy Hash: ec8b32beef04908634b839624768a2a60ee0727b19f5d53fc73f15d4e3b24a4b
• Instruction Fuzzy Hash: 2A519E30A42A08BFEF249F28DC4ABD93B65FB05325F148112F625D63E0C7B5A990DB41
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0086F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00889717
• LoadStringW.USER32(00000000,?,0086F7F8,00000001), ref: 00889720
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0086F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00889742
• LoadStringW.USER32(00000000,?,0086F7F8,00000001), ref: 00889745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00889866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: af28b8bb18e653bdd38ba9775c58e1ff3182cb169795f099cfa1c451d47b42a1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 27ca311335daf38a88fd99df93452eac092f3e956312989e24696216ea959a2d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af28b8bb18e653bdd38ba9775c58e1ff3182cb169795f099cfa1c451d47b42a1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84412E72800229AACB04FBE8ED56DEE7778FF55340F540465F605F2192EA356F88CB62

APIs
  • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008807A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008807BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008807DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00880804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0088082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00880837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0088083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: ed55fb9b801395e4ed95e2c4f9199ae02969293c3dd91f5c2e48e85b919bff65
• Instruction ID: c14cdd4d45098297e7707900f5f39c75a4f348dd6eda25dcefbb9b06556ebc01
• Opcode Fuzzy Hash: ed55fb9b801395e4ed95e2c4f9199ae02969293c3dd91f5c2e48e85b919bff65
• Instruction Fuzzy Hash: 4F41E972C10229ABDF15EBA4EC958EEB778FF04750F054129E911E7261EB349E48CFA1

APIs
• CreateMenu.USER32 ref: 008B3C79
• SetMenu.USER32(?,00000000), ref: 008B3C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008B3D10
• IsMenu.USER32(?), ref: 008B3D24
• CreatePopupMenu.USER32 ref: 008B3D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 008B3D5B
• DrawMenuBar.USER32 ref: 008B3D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F$pJ
• API String ID: 161812096-2007633406
• Opcode ID: fa8b97bb578f6f5c0223b19f265bf3375f1230400307ea83f409c061426a297a
• Instruction ID: 2aa073d1b16793bbb9b886fd88ec29bd27db1af38637f2c73be483fef9108070
• Opcode Fuzzy Hash: fa8b97bb578f6f5c0223b19f265bf3375f1230400307ea83f409c061426a297a
• Instruction Fuzzy Hash: 97413A75A01209EFDB24CF64D854EEA7BB5FF49350F180129F946E7360D771AA10CB94

APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 008B403B
• CreateCompatibleDC.GDI32(00000000), ref: 008B4042
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 008B4055
• SelectObject.GDI32(00000000,00000000), ref: 008B405D
• GetPixel.GDI32(00000000,00000000,00000000), ref: 008B4068
• DeleteDC.GDI32(00000000), ref: 008B4072
• GetWindowLongW.USER32(?,000000EC), ref: 008B407C
• SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 008B4092
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 008B409E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6f00fe545a88088d0387598a431af928355e85745983e2176f0bcd9f09879b68
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 87959aa1117bc13072c03e20b4d065a4d7843a977c308f2b1b16b7b5133a12fb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f00fe545a88088d0387598a431af928355e85745983e2176f0bcd9f09879b68
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57317C32101219ABDF219FA8CC09FEA3B68FF0D320F000311FA55E62A1C775D811DB64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 008A3C5C
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 008A3C8A
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 008A3C94
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008A3D2D
                                                                                                                                                                                                                                                                                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 008A3DB1
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 008A3ED5
                                                                                                                                                                                                                                                                                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 008A3F0E
                                                                                                                                                                                                                                                                                                                                                            • CoGetObject.OLE32(?,00000000,008BFB98,?), ref: 008A3F2D
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 008A3F40
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 008A3FC4
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 008A3FD8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8cea0d588a957fbeda13759f18fc730b58e526b48c4050eba6a553385782d050
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8ce546ed69e5be26db3f92780dbbcd6e9e47e534ef1ce8a1860e0a1f29a2c45e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cea0d588a957fbeda13759f18fc730b58e526b48c4050eba6a553385782d050
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7C115716082059FE700DF68C88492BBBE9FF8A748F14491DF98ADB611DB31EE45CB52
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00897AF3
                                                                                                                                                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00897B8F
                                                                                                                                                                                                                                                                                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 00897BA3
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(008BFD08,00000000,00000001,008E6E6C,?), ref: 00897BEF
                                                                                                                                                                                                                                                                                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00897C74
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00897CCC
                                                                                                                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00897D57
                                                                                                                                                                                                                                                                                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00897D7A
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00897D81
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00897DD6
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00897DDC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 29f293017dbb95a0be04e24d5617e2d28e4950b187df2f71c618af7a12426035
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 51cc3658653ad329d809d060a01c51aca5d623d77b00513b4788330f1b1d125e
• Opcode Fuzzy Hash: 29f293017dbb95a0be04e24d5617e2d28e4950b187df2f71c618af7a12426035
• Instruction Fuzzy Hash: A3C10A75A04119AFCB14DF64C884DAEBBB9FF48314B1485A9F81ADB361D730EE45CB90
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0087FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0087FB08
• VariantInit.OLEAUT32(?), ref: 0087FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0087FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0087FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0087FBA1
• VariantClear.OLEAUT32(?), ref: 0087FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0087FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0087FBCC
• VariantClear.OLEAUT32(?), ref: 0087FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0087FBE9
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: d0a7ca3901d70c25fd1bb51a757139076d76dccf69a4941985d777dc7e92c319
• Instruction ID: e38643a87d4e25dea4f86fc001e5f9958153b0dd861948283cbe903919786277
• Opcode Fuzzy Hash: d0a7ca3901d70c25fd1bb51a757139076d76dccf69a4941985d777dc7e92c319
• Instruction Fuzzy Hash: 01413E35A00219DFCF00DF69D8549AEBBB9FF48354F008569E959E7262CB30EA45CFA1
APIs
• GetKeyboardState.USER32(?), ref: 00889CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00889D22
• GetKeyState.USER32(000000A0), ref: 00889D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00889D57
• GetKeyState.USER32(000000A1), ref: 00889D6C
• GetAsyncKeyState.USER32(00000011), ref: 00889D84
• GetKeyState.USER32(00000011), ref: 00889D96
• GetAsyncKeyState.USER32(00000012), ref: 00889DAE
• GetKeyState.USER32(00000012), ref: 00889DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00889DD8
• GetKeyState.USER32(0000005B), ref: 00889DEA
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 11ab7cc813602dc1eac46654e82268497ff20c5c42c1fa453859a87ded7dcac1
• Instruction ID: 89ff279fa4f154daf1d3208ae910b8d0e95f816b3db2537bc9aba081bd07effc
• Opcode Fuzzy Hash: 11ab7cc813602dc1eac46654e82268497ff20c5c42c1fa453859a87ded7dcac1
• Instruction Fuzzy Hash: 2141A6346047C96DFF31A664C8043B5BEE1FF11344F0C815ADAC6965C2EBE599C8C7A6
APIs
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
• GetSystemMetrics.USER32(0000000F), ref: 008B9FC7
• GetSystemMetrics.USER32(0000000F), ref: 008B9FE7
• MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 008BA224
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 008BA242
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 008BA263
• ShowWindow.USER32(00000003,00000000), ref: 008BA282
• InvalidateRect.USER32(?,00000000,00000001), ref: 008BA2A7
• DefDlgProcW.USER32(?,00000005,?,?), ref: 008BA2CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
• String ID: pJ
• API String ID: 1211466189-3211412816
• Opcode ID: de4b6aae1bec72411ad5b5649df9b25b21b0aef7eb49613a582ddc13045e0670
• Instruction ID: fbde1367effc5b35532a366bc903f344c0a3aa59642379d07e7f2215c8b67f6b
• Opcode Fuzzy Hash: de4b6aae1bec72411ad5b5649df9b25b21b0aef7eb49613a582ddc13045e0670
• Instruction Fuzzy Hash: F0B15831600219DBDF18CF68C985BEA7BB2FF44711F088169ED85DB395DB71A940CB61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 008A05BC
                                                                                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?), ref: 008A061C
                                                                                                                                                                                                                                                                                                                                                            • gethostbyname.WSOCK32(?), ref: 008A0628
                                                                                                                                                                                                                                                                                                                                                            • IcmpCreateFile.IPHLPAPI ref: 008A0636
                                                                                                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008A06C6
                                                                                                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008A06E5
                                                                                                                                                                                                                                                                                                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 008A07B9
                                                                                                                                                                                                                                                                                                                                                            • WSACleanup.WSOCK32 ref: 008A07BF
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                            • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7af30aa2a11fbe40a33da1c2bc4c836b2b41656bfaa8f667bf70391b17c19aaf
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b466ee2ff8f22e0ad783c8daa6b737a6809e95fa466d66f608547093d466b8b8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7af30aa2a11fbe40a33da1c2bc4c836b2b41656bfaa8f667bf70391b17c19aaf
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48917D355042019FE720CF19D489F1ABBE0FF45318F1485A9E46ADBAA2D731ED45CF92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d6e6235cbb8863f5a5a7d7dc22a1996af1be4e5ae1c37b6e505e66e6ea2c9717
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9ef97223dd5c08dbb30c9bb230973be17462f5b3857d0c15dd9713158119ac1b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6e6235cbb8863f5a5a7d7dc22a1996af1be4e5ae1c37b6e505e66e6ea2c9717
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2551B131A0051ADBDF14DF6CC8409BEB7A5FF66324B214229E826E7680EF30DD50C7A0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32 ref: 008A3774
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 008A377F
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,008BFB78,?), ref: 008A37D9
                                                                                                                                                                                                                                                                                                                                                            • IIDFromString.OLE32(?,?), ref: 008A384C
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 008A38E4
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 008A3936
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 26d07d45eb5227c656dd18ca11124f16139332813518d7e3f8b24a8f7e300884
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ddc37e799ada962ba1b9208b6505fc9352ebad27ab72a25903ce650dee52eae4
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 26d07d45eb5227c656dd18ca11124f16139332813518d7e3f8b24a8f7e300884
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B61AE70608311AFE310DF54D888B6ABBE8FF4A714F100929F995DB691D774EE48CB92
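The records above are Joe Sandbox's per-function API listing for this sample. The following Python is an added example, not part of the report and not Joe Sandbox code: it parses records in that listing format (a constructed copy of three of the records above is embedded as the input), recovers each function's call sequence with the hexadecimal arguments decoded, keeps the "Part of subcall function" address when a call is indirect, and tags capability indicators such as the ICMP echo chain or COM instantiation. The RULES table and its capability names are this example's own assumptions, not Joe Sandbox signature names; the IcmpSendEcho decoding follows the documented parameter order, in which the eighth argument is the timeout in milliseconds (0xFA0 = 4000 ms here).

```python
import re

# Constructed sample: three function records copied in the shape of the
# report's "APIs / Strings / Similarity" listing above.
SAMPLE = """\
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 008A05BC
• inet_addr.WSOCK32(?), ref: 008A061C
• gethostbyname.WSOCK32(?), ref: 008A0628
• IcmpCreateFile.IPHLPAPI ref: 008A0636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008A06C6
• IcmpCloseHandle.IPHLPAPI(?), ref: 008A07B9
• WSACleanup.WSOCK32 ref: 008A07BF
Strings
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
APIs
• CoInitialize.OLE32 ref: 008A3774
• CoCreateInstance.OLE32(?,00000000,00000017,008BFB78,?), ref: 008A37D9
• VariantInit.OLEAUT32(?), ref: 008A38E4
Strings
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
APIs
  • Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000001), ref: 00839183
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 008B8B6B
"""

# One API line: optional "Part of subcall function <addr>:", then
# Api.MODULE, optional "(args)", optional comma, then "ref: <addr>".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Capability indicators keyed on the API set a record must contain.
# These labels are this example's own assumption, not Joe Sandbox names.
RULES = {
    "icmp_echo": {"IcmpCreateFile", "IcmpSendEcho"},
    "dns_resolve": {"gethostbyname"},
    "com_instantiate": {"CoCreateInstance"},
    "key_state_poll": {"GetAsyncKeyState"},
}


def _arg(token):
    """'?' means the analyzer could not resolve the value; else parse hex."""
    token = token.strip()
    return None if token == "?" else int(token, 16)


def parse_api_line(line):
    m = API_LINE.match(line)
    if not m:
        return None
    raw = m.group("args")
    return {
        "api": m.group("api"),
        "module": m.group("mod"),
        "args": [_arg(t) for t in raw.split(",")] if raw else [],
        "ref": int(m.group("ref"), 16),
        "via_subcall": m.group("sub"),  # callee address when the call is indirect
    }


def parse_report(text):
    """Split the listing into records, one per 'APIs' header."""
    records, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            cur = {"calls": [], "api_id": None, "strings": []}
            records.append(cur)
            continue
        if cur is None:
            continue
        if s.startswith("• API ID:"):
            cur["api_id"] = s.split(":", 1)[1].strip()
        elif s.startswith("• String ID:"):
            cur["strings"] = s.split(":", 1)[1].strip().split("$")
        else:
            call = parse_api_line(line)
            if call:
                cur["calls"].append(call)
    return records


def classify(record):
    """Capability labels whose required API set is present in the record."""
    apis = {c["api"] for c in record["calls"]}
    return sorted(name for name, need in RULES.items() if need <= apis)


def icmp_timeout_ms(record):
    """IcmpSendEcho's eighth parameter is the timeout; None if unresolved."""
    for c in record["calls"]:
        if c["api"] == "IcmpSendEcho" and len(c["args"]) == 8:
            return c["args"][7]
    return None


if __name__ == "__main__":
    for i, rec in enumerate(parse_report(SAMPLE)):
        seq = " -> ".join(c["api"] for c in rec["calls"])
        t = icmp_timeout_ms(rec)
        extra = f" icmp_timeout_ms={t}" if t is not None else ""
        print(f"[{i}] {seq}")
        print(f"    strings={rec['strings']} caps={classify(rec)}{extra}")
```

Keep each record's String ID next to its API set when triaging: strings such as cdecl, stdcall and winapi beside _wcslen and CharLowerBuff describe a calling-convention parser, and "Failed to create object" beside CoCreateInstance is a generic COM error path. Given the report's own AutoIt detection, chains like these are consistent with interpreter runtime code rather than attacker-authored logic, which changes how much weight an API chain deserves on its own.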
APIs
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
  • Part of subcall function 0083912D: GetCursorPos.USER32(?), ref: 00839141
  • Part of subcall function 0083912D: ScreenToClient.USER32(00000000,?), ref: 0083915E
  • Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000001), ref: 00839183
  • Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000002), ref: 0083919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 008B8B6B
                                                                                                                                                                                                                                                                                                                                                            • ImageList_EndDrag.COMCTL32 ref: 008B8B71
                                                                                                                                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 008B8B77
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 008B8C12
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 008B8C25
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 008B8CFF
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID$pJ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1924731296-1630931494
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9ec028d37f83d3b051c1c5b93cd2c88f272fe0fc65d09c9979e0241f284bcce9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cea7905f47565af1bf3bb38af934546835d8e6a2f4f1605b4e78a61dbb2c5db8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ec028d37f83d3b051c1c5b93cd2c88f272fe0fc65d09c9979e0241f284bcce9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E517F71204314AFD704DF24DC6AFAA7BE4FB88714F40062DF996972E1DB71A944CBA2
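The two GetAsyncKeyState calls in the function above take virtual-key codes 0x01 and 0x02 (VK_LBUTTON and VK_RBUTTON) and sit in a subcall next to GetCursorPos, ScreenToClient, ImageList_EndDrag and ReleaseCapture, with @GUI_DRAGFILE and @GUI_DROPID (AutoIt's GUI drop macros) as the function's strings. That is mouse-button polling inside the AutoIt runtime's GUI drag-and-drop handling, not keystroke capture, so the overview's "retrieve information about pressed keystrokes" signature cannot be confirmed from this function alone. The Python below is an added triage example, not code from the Joe Sandbox report or its IDA plugin: it parses the APIs block exactly as printed on this page (the regex, the record fields and the drag-context API set are my own assumptions) and separates mouse-button polling in a drag context from polling of other keys. The sample input is the listing copied from this page.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: the APIs block of the drag/drop handler as listed in this
# report, copied from the page text. Only these lines are parsed; nothing is fetched.
SAMPLE_APIS_BLOCK = """\
• Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
• Part of subcall function 0083912D: GetCursorPos.USER32(?), ref: 00839141
• Part of subcall function 0083912D: ScreenToClient.USER32(00000000,?), ref: 0083915E
• Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000001), ref: 00839183
• Part of subcall function 0083912D: GetAsyncKeyState.USER32(00000002), ref: 0083919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 008B8B6B
• ImageList_EndDrag.COMCTL32 ref: 008B8B71
• ReleaseCapture.USER32 ref: 008B8B77
• SetWindowTextW.USER32(?,00000000), ref: 008B8C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 008B8C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 008B8CFF
"""

# One API line of the listing (assumed layout): optional "Part of subcall function
# XXXX:" prefix, "Api.MODULE", optional "(arg,arg,...)", then "ref: ADDR".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list              # int for a known immediate, None for '?', str if not hex
    ref: int                # address of the call site
    subcall: Optional[int]  # callee address when the line is "Part of subcall function"


def _arg(tok: str):
    tok = tok.strip()
    if tok == "?":
        return None
    try:
        return int(tok, 16)
    except ValueError:
        return tok          # e.g. the "J" the report prints for a non-hex argument


def parse_apis_block(text: str) -> list:
    """Parse the 'APIs' lines of one function record into ApiCall objects."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue        # headings such as "APIs"/"Strings", or blank lines
        raw = m.group("args")
        args = [_arg(a) for a in raw.split(",")] if raw else []
        sub = m.group("sub")
        calls.append(ApiCall(m.group("api"), m.group("mod"), args,
                             int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return calls


# Virtual-key codes GetAsyncKeyState reports for the mouse buttons.
MOUSE_VKS = {0x01: "VK_LBUTTON", 0x02: "VK_RBUTTON", 0x04: "VK_MBUTTON"}
# APIs that mark a drag-and-drop handler (my choice); mouse-button polling next to
# these is GUI drag logic, not input capture.
DRAG_CONTEXT = {"GetCursorPos", "ScreenToClient", "ImageList_DragLeave",
                "ImageList_EndDrag", "ReleaseCapture"}


def polled_keys(calls: list) -> list:
    """Virtual-key codes passed as the first argument of GetAsyncKeyState."""
    return [c.args[0] for c in calls
            if c.api == "GetAsyncKeyState" and c.args and isinstance(c.args[0], int)]


def classify_key_polling(calls: list) -> str:
    """'none', 'keyboard polling', or mouse-button polling with/without drag context."""
    vks = polled_keys(calls)
    if not vks:
        return "none"
    apis = {c.api for c in calls}
    if all(vk in MOUSE_VKS for vk in vks):
        return ("mouse-button polling (drag/drop context)" if apis & DRAG_CONTEXT
                else "mouse-button polling")
    return "keyboard polling"


if __name__ == "__main__":
    calls = parse_apis_block(SAMPLE_APIS_BLOCK)
    for c in calls:
        print(f"{c.ref:08X} {c.api}.{c.module} args={c.args} subcall={c.subcall}")
    names = [MOUSE_VKS.get(v, f"VK_{v:02X}") for v in polled_keys(calls)]
    print("GetAsyncKeyState:", names, "->", classify_key_polling(calls))
```

Run against a record where GetAsyncKeyState is fed letter or digit codes (0x30 to 0x5A) and no drag APIs appear, the same parser returns "keyboard polling", which is the case that would actually support the keystroke signature.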
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008933CF
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008933F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: 4beaf80d85a03e0a0876fef5e46747cf45a9a2183255cd88a22e8db9fc561a54
• Instruction ID: ae1639c52858b400e0903d27dae5d99f9f89b8a43ec626c79798204a59e096c7
• Opcode Fuzzy Hash: 4beaf80d85a03e0a0876fef5e46747cf45a9a2183255cd88a22e8db9fc561a54
• Instruction Fuzzy Hash: 5B51AD71800219AACF15EBA4ED56EEEB778FF14340F144065F405F2292EB356F98CB62
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: 36d07ba0fadfe55471a08e49feda505e749fba881d129e2754591ff438958747
• Instruction ID: e77ca66f3ea3337b470ba1afa2af0d3dbea893875b00d931ca1ab04e68dd2bfd
• Opcode Fuzzy Hash: 36d07ba0fadfe55471a08e49feda505e749fba881d129e2754591ff438958747
• Instruction Fuzzy Hash: BE419332A001279BCB20BE7D89905BE7BA5FFF17A4B254229E561D7284F731CD81C790
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0088BCFD
• IsMenu.USER32(00000000), ref: 0088BD1D
• CreatePopupMenu.USER32 ref: 0088BD53
• GetMenuItemCount.USER32(J), ref: 0088BDA4
• InsertMenuItemW.USER32(J,?,00000001,00000030), ref: 0088BDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$2$J$J
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 93392585-4061486213
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2bce46c12a522bde595f1fa0005999fe387560c36fea9ae3261394ae87880302
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 00805d4080e814d709776a1ffb31b378674873aae7a8f2bcf50f400a3e6aee29
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2bce46c12a522bde595f1fa0005999fe387560c36fea9ae3261394ae87880302
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B451B070A00209EBDF20EFA8D884BAEBBF4FF85314F144219E451D72A1D7709D45CB61
APIs
• SetErrorMode.KERNEL32(00000001), ref: 008953A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00895416
• GetLastError.KERNEL32 ref: 00895420
• SetErrorMode.KERNEL32(00000000,READY), ref: 008954A7
Strings
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 900f716dddb7cf12674022df5d54a4e110052d471d1671d4983abce7a75d3d43
• Instruction ID: 1412118e9cd2e416e6a7782e503ccb386366362bb794d949c4406d87802d5827
• Opcode Fuzzy Hash: 900f716dddb7cf12674022df5d54a4e110052d471d1671d4983abce7a75d3d43
• Instruction Fuzzy Hash: FD31D4B5A006089FCB52EF69C884AAABBB4FF45305F188065F505DB292E731DD86CB91
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00881F64
• GetDlgCtrlID.USER32 ref: 00881F6F
• GetParent.USER32 ref: 00881F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00881F8E
• GetDlgCtrlID.USER32(?), ref: 00881F97
• GetParent.USER32(?), ref: 00881FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00881FAE
Strings
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: bc5d6a5251fbd0aee392d9fa09ade44700210bbff7f096c094069e159964b8ce
• Instruction ID: 84a52db7c15d2681a2099a650296ebfc1205b1752fb5894fd654ae0b82d7f0c5
• Opcode Fuzzy Hash: bc5d6a5251fbd0aee392d9fa09ade44700210bbff7f096c094069e159964b8ce
• Instruction Fuzzy Hash: 8821B074A00218BBCF04AFA4DC85DEEBBB8FF1A310F000219FA61A7291DB745905DB60
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00882043
• GetDlgCtrlID.USER32 ref: 0088204E
• GetParent.USER32 ref: 0088206A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 0088206D
• GetDlgCtrlID.USER32(?), ref: 00882076
• GetParent.USER32(?), ref: 0088208A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 0088208D
Strings
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f513bd45325f4e7be3789f1da5c3610bffdf2818cffedcb1afc56b92717ca8f0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 58d3662481572c3e8ef2002584e4bf9d838360303c9c8d7c34730ee38c84e8b1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f513bd45325f4e7be3789f1da5c3610bffdf2818cffedcb1afc56b92717ca8f0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B219FB5D00218BBCF10AFA4DC85EEEBBB8FF1A340F004116F991E72A1DA794955DB61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852C94
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852CA0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852CAB
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852CB6
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852CC1
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852CCC
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852CD7
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852CE2
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852CED
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852CFB
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3f79551e3c01a5dd23cdf30e0b33eb3629f49d38d64ec70c9d60344b1565739e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d14d0e2a5c9d1c065a4d243c3c0a8256df27e2bcf3a1b7c730fc85edf72aa1ec
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f79551e3c01a5dd23cdf30e0b33eb3629f49d38d64ec70c9d60344b1565739e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8119676100108AFCB02EF58D882DDD3FA5FF06351F5144A5FE48AB322DA31EE549B92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00897FAD
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00897FC1
                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00897FEB
                                                                                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00898005
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00898017
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00898060
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008980B0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 378f8f0e85c211fdb5953a30d3f00cd9d712fa583768ae4400808fc95e1794b1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a2da5bc438678d74c323d56b43e678a88befcb3d97a4ed49056c5b99e4ef419a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 378f8f0e85c211fdb5953a30d3f00cd9d712fa583768ae4400808fc95e1794b1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F081AF725182459BCF20FF18C8449AEB3E8FF89714F58486EF885D7250EB34DD498B92
                                                                                                                                                                                                                                                                                                                                                            APIs
• IsWindow.USER32(00ED4A70), ref: 008B7F37
• IsWindowEnabled.USER32(00ED4A70), ref: 008B7F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 008B801E
• SendMessageW.USER32(00ED4A70,000000B0,?,?), ref: 008B8051
• IsDlgButtonChecked.USER32(?,?), ref: 008B8089
• GetWindowLongW.USER32(00ED4A70,000000EC), ref: 008B80AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008B80C3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID: pJ
• API String ID: 4072528602-3211412816
• Opcode ID: 07018c1d7c361b1cd2d10fc84943fb0929171775edf787f53a208428218f4c2c
• Instruction ID: e9e2597cc7cc9743371f0b46e2dd14044e87bfec815eb8d07cb840d8a7b33469
• Opcode Fuzzy Hash: 07018c1d7c361b1cd2d10fc84943fb0929171775edf787f53a208428218f4c2c
• Instruction Fuzzy Hash: 51718834A09604EFEB20AF64C884FFABBB9FF99340F140459E955D73A1CB31A845CB24
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00825C7A
  • Part of subcall function 00825D0A: GetClientRect.USER32(?,?), ref: 00825D30
  • Part of subcall function 00825D0A: GetWindowRect.USER32(?,?), ref: 00825D71
  • Part of subcall function 00825D0A: ScreenToClient.USER32(?,?), ref: 00825D99
• GetDC.USER32 ref: 008646F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00864708
• SelectObject.GDI32(00000000,00000000), ref: 00864716
• SelectObject.GDI32(00000000,00000000), ref: 0086472B
• ReleaseDC.USER32(?,00000000), ref: 00864733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008647C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 86a4ad31ab4b232605b9e40d9506c84b0c49d2ba48b087dc7cd7c83f44cf3bf9
• Instruction ID: 7a1ead3a28412cbd19007a1494b84362b50f58dbc7731fd958ea551b1c2c6a17
• Opcode Fuzzy Hash: 86a4ad31ab4b232605b9e40d9506c84b0c49d2ba48b087dc7cd7c83f44cf3bf9
• Instruction Fuzzy Hash: 9871FF30500209DFCF218F68C984ABE3BB6FF5A364F255269ED51DA2A6D7309881DF60
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008935E4
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• LoadStringW.USER32(008F2390,?,00000FFF,?), ref: 0089360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: 675af93ef90a2aa70a525de9a2564a0c537de344180c8e1c8951ff4ffe8f4f5b
• Instruction ID: 0af09cfe069d2e2c79d40a9415b25c9d4d83116fe5bc45b2ed9d7cb3681a13ad
• Opcode Fuzzy Hash: 675af93ef90a2aa70a525de9a2564a0c537de344180c8e1c8951ff4ffe8f4f5b
• Instruction Fuzzy Hash: D3516E71800219BBCF15EBA4EC56EEEBB78FF14344F184125F515B2192EB341B98DB62
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 008B2E1C
• GetWindowLongW.USER32(?,000000F0), ref: 008B2E4F
• GetWindowLongW.USER32(?,000000F0), ref: 008B2E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 008B2EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 008B2EE0
• GetWindowLongW.USER32(?,000000F0), ref: 008B2EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 008B2F0B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: pJ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2178440468-3211412816
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a3f2e10f38327cddfa2483adeee65ec5c2c8c2749db15cc9354e0771dd7f5a53
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e9dd54a426e370712ccbe31904e69219aaa557ea5d14cbc51ce81aaf75feb9eb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3f2e10f38327cddfa2483adeee65ec5c2c8c2749db15cc9354e0771dd7f5a53
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B31F030644254AFEB61CF69DC88FA53BA5FBAA710F1501A4F901CB2B2CBB1E840DB51
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0089C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0089C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0089C2CA
• GetLastError.KERNEL32 ref: 0089C322
• SetEvent.KERNEL32(?), ref: 0089C336
• InternetCloseHandle.WININET(00000000), ref: 0089C341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 437eba82058aa035e6bfd271c601abc2f9a400665adb954575c43ab39e06b5ba
• Instruction ID: 89e54ea509f86908362b55809aea415706d1f14c7afd1d476531c800645e7fcc
• Opcode Fuzzy Hash: 437eba82058aa035e6bfd271c601abc2f9a400665adb954575c43ab39e06b5ba
• Instruction Fuzzy Hash: FE3150B1600608AFDB21AFA9CC88AAB7BFCFB49744F18851DF446D2201DB76DD049B65
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00863AAF,?,?,Bad directive syntax error,008BCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008898BC
• LoadStringW.USER32(00000000,?,00863AAF,?), ref: 008898C3
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00889987
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: 04275180b277853f4684cdcf086fa8c423ec0dfd74a76ed640d975ff4415c456
• Instruction ID: 4644bc344b95123e1bc8bc537a46e1a8804c0c76625fbadd0740236b33666db2
• Opcode Fuzzy Hash: 04275180b277853f4684cdcf086fa8c423ec0dfd74a76ed640d975ff4415c456
• Instruction Fuzzy Hash: 4E217131C0021EABCF11EF94DC1AEEE7735FF28304F084465F515A11A2EB759668DB51
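The three function blocks above are, respectively, a checkbox being toggled with BM_SETCHECK (0x00F1, wParam 0/1 = BST_UNCHECKED/BST_CHECKED) around a window-style read and rewrite, a WinINet fetch that asks for HTTP_QUERY_CONTENT_LENGTH (0x5) before signalling an event, and the AutoIt runtime's own error dialog (the "Line %d (File "%s"):" strings, the ">>>AUTOIT SCRIPT<<<" marker and the MB_ICONERROR|MB_SYSTEMMODAL|MB_SETFOREGROUND box belong to the AutoIt3 interpreter stub, consistent with the "compiled AutoIt script" signature, and appear in any compiled AutoIt binary rather than being script behaviour). What follows is an added example, not part of the Joe Sandbox report: a small Python parser that turns the report's "APIs" lines into per-function call chains, decodes the numeric constants shown above from the Windows SDK values, and attaches triage tags. The regex, the tag names and the reading of the printed 0xF0 index as a sign-truncated GWL_STYLE (-16) are my assumptions; the sample input is the three blocks above pasted as constructed test data.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: "APIs" lines of the three function blocks above,
# pasted as the report renders them (bullet, indented subcall line, "ref:" RVA).
SAMPLE = """\
APIs
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 008B2EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 008B2EE0
• GetWindowLongW.USER32(?,000000F0), ref: 008B2EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 008B2F0B
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0089C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0089C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0089C2CA
• GetLastError.KERNEL32 ref: 0089C322
• SetEvent.KERNEL32(?), ref: 0089C336
• InternetCloseHandle.WININET(00000000), ref: 0089C341
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00863AAF,?,?,Bad directive syntax error,008BCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008898BC
• LoadStringW.USER32(00000000,?,00863AAF,?), ref: 008898C3
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00889987
"""

# One report line: optional "Part of subcall function X:" prefix, Name.MODULE,
# optional (args), then "ref: RVA". Args are zero-padded hex, "?" or a string.
LINE_RE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Windows SDK constants for the argument positions seen in the blocks above.
WM = {0x00F1: "BM_SETCHECK", 0x0111: "WM_COMMAND"}
BST = {0: "BST_UNCHECKED", 1: "BST_CHECKED"}
MB_BUTTONS = {0: "MB_OK", 1: "MB_OKCANCEL", 2: "MB_ABORTRETRYIGNORE",
              3: "MB_YESNOCANCEL", 4: "MB_YESNO", 5: "MB_RETRYCANCEL"}
MB_ICON = {0x10: "MB_ICONERROR", 0x20: "MB_ICONQUESTION",
           0x30: "MB_ICONWARNING", 0x40: "MB_ICONINFORMATION"}
MB_MODAL = {0x1000: "MB_SYSTEMMODAL", 0x2000: "MB_TASKMODAL"}
MB_MISC = {0x10000: "MB_SETFOREGROUND", 0x40000: "MB_TOPMOST"}
GWL = {-16: "GWL_STYLE", -20: "GWL_EXSTYLE"}

def decode_mb_flags(v: int) -> str:
    """Split a MessageBox uType into its button, icon, modality and misc bits."""
    parts = [MB_BUTTONS.get(v & 0xF, f"MB_BUTTONS_{v & 0xF:#x}")]
    if (v & 0xF0) in MB_ICON:
        parts.append(MB_ICON[v & 0xF0])
    if (v & 0x3000) in MB_MODAL:
        parts.append(MB_MODAL[v & 0x3000])
    parts += [name for bit, name in MB_MISC.items() if v & bit]
    return "|".join(parts)

def _num(tok: str):
    try:
        return int(tok, 16)
    except ValueError:  # "?" (unknown) or a string literal argument
        return None

@dataclass
class Call:
    name: str
    module: str
    args: list
    ref: str
    subcall: bool
    notes: list = field(default_factory=list)

@dataclass
class Function:
    calls: list = field(default_factory=list)

    def chain(self) -> str:
        """Top-level call order, the thing you compare against known API chains."""
        return " -> ".join(c.name for c in self.calls if not c.subcall)

    def tags(self) -> set:
        """Triage labels (assumed names, not Joe Sandbox signatures)."""
        names = {c.name for c in self.calls}
        text = " ".join(a for c in self.calls for a in c.args)
        notes = {n for c in self.calls for n in c.notes}
        tags = set()
        if {"InternetOpenUrlW", "HttpQueryInfoW"} <= names:
            tags.add("wininet_fetch")
        if "MessageBoxW" in names and "AUTOIT SCRIPT" in text:
            tags.add("autoit_runtime_error")  # interpreter stub, not script behaviour
        if "SendMessageW" in names and "BM_SETCHECK" in notes:
            tags.add("gui_checkbox_toggle")
        return tags

def annotate(call: Call) -> None:
    """Attach symbolic names to the numeric arguments the report prints."""
    a = [_num(t) for t in call.args]
    if call.name == "SendMessageW" and len(a) >= 3 and a[1] in WM:
        call.notes.append(WM[a[1]])
        if a[1] == 0x00F1 and a[2] is not None:
            call.notes.append(BST.get(a[2], f"wParam={a[2]:#x}"))
    elif call.name == "HttpQueryInfoW" and len(a) >= 2 and a[1] == 5:
        call.notes.append("HTTP_QUERY_CONTENT_LENGTH")
    elif call.name == "MessageBoxW" and len(a) >= 4 and a[3] is not None:
        call.notes.append(decode_mb_flags(a[3]))
    elif call.name in ("GetWindowLongW", "SetWindowLongW") and len(a) >= 2 and a[1] is not None:
        # Assumption: the report prints the negative GWL_* index as its low byte
        # (GWL_STYLE = -16 -> 0xF0), so sign-extend a single byte before lookup.
        idx = a[1] - 0x100 if 0x80 <= a[1] < 0x100 else a[1]
        call.notes.append(GWL.get(idx, f"index={idx}"))

def parse_report(text: str) -> list:
    """Each 'APIs' header opens a new function; bullet lines become Call records."""
    funcs = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            funcs.append(Function())
            continue
        m = LINE_RE.match(line)
        if not m or not funcs:
            continue
        args = [t.strip() for t in m["args"].split(",")] if m["args"] else []
        call = Call(m["name"], m["module"], args, m["ref"].upper(), bool(m["sub"]))
        annotate(call)
        funcs[-1].calls.append(call)
    return funcs

if __name__ == "__main__":
    for i, fn in enumerate(parse_report(SAMPLE), 1):
        print(f"function {i}: {fn.chain()}  tags={sorted(fn.tags())}")
        for c in fn.calls:
            if c.notes:
                print(f"  {c.ref} {c.name}: {', '.join(c.notes)}")
```

The chains are what to diff against the rest of the report: the WinINet sequence is a plain "open URL, send, read Content-Length, signal event, close" helper, while the MessageBoxW block should be filed under the AutoIt3 stub and set aside so that the stub's own error handling is not counted as sample behaviour.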
APIs
• GetParent.USER32 ref: 008820AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 008820C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0088214D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1290815626-3381328864
Similarity
• API ID:
• String ID:
• API String ID:
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00876890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008768A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008768B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008768D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008768F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00838874,00000000,00000000,00000000,000000FF,00000000), ref: 00876901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0087691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00838874,00000000,00000000,00000000,000000FF,00000000), ref: 0087692D
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0089C182
• GetLastError.KERNEL32 ref: 0089C195
• SetEvent.KERNEL32(?), ref: 0089C1A9
  • Part of subcall function 0089C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0089C272
  • Part of subcall function 0089C253: GetLastError.KERNEL32 ref: 0089C322
  • Part of subcall function 0089C253: SetEvent.KERNEL32(?), ref: 0089C336
  • Part of subcall function 0089C253: InternetCloseHandle.WININET(00000000), ref: 0089C341
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: f4b9727a19814b60f4552d4e6f7fb51626455c398e5f084903c493b306ecb8a5
• Instruction ID: de5cce2f238491a67df9d323f7320bf0e4c9d24c169d6d9628590a529e1d5e32
• Opcode Fuzzy Hash: f4b9727a19814b60f4552d4e6f7fb51626455c398e5f084903c493b306ecb8a5
• Instruction Fuzzy Hash: 28316A71600605AFDF21AFE9DC44A66BBF9FF58300B18452DF956C6610DB32E8149BA0
APIs
  • Part of subcall function 00883A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00883A57
  • Part of subcall function 00883A3D: GetCurrentThreadId.KERNEL32 ref: 00883A5E
  • Part of subcall function 00883A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008825B3), ref: 00883A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008825BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008825DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008825DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008825E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00882601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00882605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 0088260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00882623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00882627
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 32330a04de0a82f4be395286297a9213e4e15115c8304a829d84876cc35a41e0
• Instruction ID: 0a41275322fe59fdcce52572f0d078e2646117341cb4c567ddcc80125dcbec5e
• Opcode Fuzzy Hash: 32330a04de0a82f4be395286297a9213e4e15115c8304a829d84876cc35a41e0
• Instruction Fuzzy Hash: E801B170290624BBFB1067689C8AF593F59EB5EB12F100106F358EE0D1C9E224448A6A
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00881449,?,?,00000000), ref: 0088180C
• HeapAlloc.KERNEL32(00000000,?,00881449,?,?,00000000), ref: 00881813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00881449,?,?,00000000), ref: 00881828
• GetCurrentProcess.KERNEL32(?,00000000,?,00881449,?,?,00000000), ref: 00881830
• DuplicateHandle.KERNEL32(00000000,?,00881449,?,?,00000000), ref: 00881833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00881449,?,?,00000000), ref: 00881843
• GetCurrentProcess.KERNEL32(00881449,00000000,?,00881449,?,?,00000000), ref: 0088184B
• DuplicateHandle.KERNEL32(00000000,?,00881449,?,?,00000000), ref: 0088184E
• CreateThread.KERNEL32(00000000,00000000,00881874,00000000,00000000,00000000), ref: 00881868
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 057d1b65812cd165a7b23f59c3435481dbc956c4e42663a44e11c792847b64c1
• Instruction ID: 94dfd0748f12548d0593dcbc126ad9e55d041cad46c2352a116075fd6ac7a052
• Opcode Fuzzy Hash: 057d1b65812cd165a7b23f59c3435481dbc956c4e42663a44e11c792847b64c1
• Instruction Fuzzy Hash: 4A016FB5640344BFE710AFA5DC4DF577BACFB89B11F414521FA05EB291DA759800CB60
APIs
  • Part of subcall function 00827620: _wcslen.LIBCMT ref: 00827625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0088C6EE
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0088C735
                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0088C79C
                                                                                                                                                                                                                                                                                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0088C7CA
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$J$J
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1227352736-1457968824
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e13657e15081873171b1d926db25bf45de402e2df183bb60c56812895f9d2e85
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6cf86d6b907520d2f0a32eab484ac535b95ac772b964c6428cc6933facf56f1e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e13657e15081873171b1d926db25bf45de402e2df183bb60c56812895f9d2e85
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B051CE716143019BD724FF2CC885A6B77E8FF99314F040A2DFA95D31A9EB70D9048BA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0088D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0088D501
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0088D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0088D50F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0088D4DC: CloseHandle.KERNELBASE(00000000), ref: 0088D5DC
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 008AA16D
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008AA180
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 008AA1B3
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 008AA268
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 008AA273
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008AA2C4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c971f2b653a9c07a39ef35db918742ff0554ead4d92168aab5164c060af7a6c5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 11f830b0fe61f371a2afbbf36ee1140e95b13b0e06e67c22260ea86e623e07c1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c971f2b653a9c07a39ef35db918742ff0554ead4d92168aab5164c060af7a6c5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12616E30204242AFE714DF18C494F2ABBE5FF45318F14849CE4668BBA2C776EC85CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 008B3925
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 008B393A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 008B3954
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008B3999
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 008B39C6
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 008B39F4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2147712094-78025650
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0087F3AB,00000000,?,?,00000000,?,0087682C,00000004,00000000,00000000), ref: 008B824C
• EnableWindow.USER32(?,00000000), ref: 008B8272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 008B82D1
• ShowWindow.USER32(?,00000004), ref: 008B82E5
• EnableWindow.USER32(?,00000001), ref: 008B830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 008B832F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID: pJ
• API String ID: 642888154-3211412816
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 0088C913
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
APIs
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1085ce8f5f63c57eb63599e9a0cd34b7f6618b3425e5a1feb98097f35c750ee0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: eeb313571f986f4b89af632027853d8e0eab49d6e3109b0a4d6d71af16e6d0d5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1085ce8f5f63c57eb63599e9a0cd34b7f6618b3425e5a1feb98097f35c750ee0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82414E65C1022C76CB11FBF8888AACFBBA8FF45710F508566E518E3121FB74E655C3A6
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0087682C,00000004,00000000,00000000), ref: 0083F953
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0087682C,00000004,00000000,00000000), ref: 0087F3D1
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0087682C,00000004,00000000,00000000), ref: 0087F454
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: e3887ba696f60cca2a3116e7c7afe295d8cd59e004824e4f8e1d1ab9a4032687
• Instruction ID: 0cbce81d641118e7a4dda32a9149629e52d17cad58cf38e5e5b9d4ed13f0bfed
• Opcode Fuzzy Hash: e3887ba696f60cca2a3116e7c7afe295d8cd59e004824e4f8e1d1ab9a4032687
• Instruction Fuzzy Hash: 5441B631A08640BAC7359B2DC88876A7F91FBD6324F14853CEA4BD6667C675E880CBD1
APIs
• DeleteObject.GDI32(00000000), ref: 008B2D1B
• GetDC.USER32(00000000), ref: 008B2D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 008B2D2E
• ReleaseDC.USER32(00000000,00000000), ref: 008B2D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 008B2D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 008B2D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,008B5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 008B2DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 008B2DE1
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: bee11937f5ba09380e997c70bdfd59585e4f2c64e2da510cd3fd6b2057bababc
• Instruction ID: be6ae0ca4f2e3a7de4194d9358538fe52566bb12b5bd6f6fa20e89d02f0ecae4
• Opcode Fuzzy Hash: bee11937f5ba09380e997c70bdfd59585e4f2c64e2da510cd3fd6b2057bababc
• Instruction Fuzzy Hash: 50318972201214BBEB218F54CC8AFEB3BA9FF4A711F084155FE08DA291C6B59C51CBA4
APIs
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 4425f360d03fda970a96b0eac293d0c351f8e49cd00cca68aa068b306daeba35
• Instruction ID: 5ea651fa243032cb0ae5a189c071d4b179f37e20e03f3d459108cbdcb5dfe18c
• Opcode Fuzzy Hash: 4425f360d03fda970a96b0eac293d0c351f8e49cd00cca68aa068b306daeba35
• Instruction Fuzzy Hash: C7219571690A1D77D614B924CD92FFA235CFF30398B444020FE15DA782F729ED5187A6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5bcb04dcc0fa8354e8e8509c6a6ddad6a960f70494940614dbeb10f012b371b1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c86ea6d0cb829377cc85fe50f434a0aac96a2ff265dd4df9757fce70efed1609
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bcb04dcc0fa8354e8e8509c6a6ddad6a960f70494940614dbeb10f012b371b1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8D1A171A0060AAFEF10CFA8C881BAEB7B5FF49344F148469E915EB681E771DD85CB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,008617FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 008615CE
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00861651
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,008617FB,?,008617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008616E4
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008616FB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00853820: RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,008617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00861777
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 008617A2
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 008617AE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7c5b495a1f56e346b217af44ebb26baa539c9502a9632100957a70a27d4a4c00
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 03ca15f8ca943e454cce71cd650c5e4f29d92c4ec625c389ab634164de7c98c0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c5b495a1f56e346b217af44ebb26baa539c9502a9632100957a70a27d4a4c00
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F91D471E0021A9ADF208E74CC89AEEBBB5FF49314F1E4659E902E7152DB35CD44CBA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 162d7aaf62344f2119f0e091677a3f4b6c951feba0015c6c898df5771f1384ae
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a704e46b348eed5808d7035ce61e38ace37eb8947223f02b11e5ba71d9849007
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 162d7aaf62344f2119f0e091677a3f4b6c951feba0015c6c898df5771f1384ae
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC91AF71A00219ABEF20CFA5C844FAEBBB8FF86714F108559F515EB281D7B09945CFA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0089125C
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00891284
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008912A8
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008912D8
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0089135F
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008913C4
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00891430
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: b5c861164054d9fe44a3d7c6a25424f76bdc032c3eec08f993d2f505204e771a
• Instruction ID: 36608cc0cb89e31c96921e25022f741c527299c550a7c5bd3a02f06e9a48b499
• Opcode Fuzzy Hash: b5c861164054d9fe44a3d7c6a25424f76bdc032c3eec08f993d2f505204e771a
• Instruction Fuzzy Hash: FF91E475A0421AAFDF00EF98C889BBEB7B5FF44315F184429E900EB291D774A941CB95
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: a1188e2551bb6682262e81a8b0f09c0ee74751b066fb9e934d8dc6c09c0d8a5a
• Instruction ID: 0c5b36295960ccf9bf6bb49202d7a8e6f84be85412f529ae4cd8433c9aa65f6e
• Opcode Fuzzy Hash: a1188e2551bb6682262e81a8b0f09c0ee74751b066fb9e934d8dc6c09c0d8a5a
• Instruction Fuzzy Hash: 04911571D00219EFCB11CFA9C884AEEBBB8FF89320F148559E555F7251D774A982CBA0
APIs
• VariantInit.OLEAUT32(?), ref: 008A396B
• CharUpperBuffW.USER32(?,?), ref: 008A3A7A
• _wcslen.LIBCMT ref: 008A3A8A
• VariantClear.OLEAUT32(?), ref: 008A3C1F
  • Part of subcall function 00890CDF: VariantInit.OLEAUT32(00000000), ref: 00890D1F
  • Part of subcall function 00890CDF: VariantCopy.OLEAUT32(?,?), ref: 00890D28
  • Part of subcall function 00890CDF: VariantClear.OLEAUT32(?), ref: 00890D34
Strings
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 102cff6aaa65ec5158ecc53faf56e3869968775748eb3eab8409105cc9820b64
• Instruction ID: 51f24235abbbaf5516c9b082918c7b9fd6606cc8fe7d41bdb1ce7a7be1672d74
• Opcode Fuzzy Hash: 102cff6aaa65ec5158ecc53faf56e3869968775748eb3eab8409105cc9820b64
• Instruction Fuzzy Hash: 059124756083159FD704EF28C48096AB7E5FF8A314F14892DF889DB351DB31EA46CB92
APIs
  • Part of subcall function 0088000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?,?,0088035E), ref: 0088002B
  • Part of subcall function 0088000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880046
  • Part of subcall function 0088000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880054
  • Part of subcall function 0088000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?), ref: 00880064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 008A4C51
• _wcslen.LIBCMT ref: 008A4D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 008A4DCF
• CoTaskMemFree.OLE32(?), ref: 008A4DDA
Strings
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 51eba62ff0e10ada73f97e2c39d9511fa12e5fa4b36766cf48ac8ec612963507
• Instruction ID: 9c72d846e59dd2812650e5d88f29044bd65cab5172ed5d2a99e0609476abbad5
• Opcode Fuzzy Hash: 51eba62ff0e10ada73f97e2c39d9511fa12e5fa4b36766cf48ac8ec612963507
• Instruction Fuzzy Hash: 0F912671D0022DAFEF14DFA8D880AEEBBB8FF49314F104169E915E7251EB709A548F61
APIs
• GetMenu.USER32(?), ref: 008B2183
• GetMenuItemCount.USER32(00000000), ref: 008B21B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008B21DD
• _wcslen.LIBCMT ref: 008B2213
• GetMenuItemID.USER32(?,?), ref: 008B224D
• GetSubMenu.USER32(?,?), ref: 008B225B
  • Part of subcall function 00883A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00883A57
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00883A3D: GetCurrentThreadId.KERNEL32 ref: 00883A5E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00883A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008825B3), ref: 00883A65
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008B22E3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0088E97B: Sleep.KERNEL32 ref: 0088E9F3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ee43f37d38c82abe73de34981f126de3a81c02531af8de102e9c8b1f015cab88
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 25058599fe848f8c97c548e6902013c6a919dfe090c62574e19af6fd0a5285b3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee43f37d38c82abe73de34981f126de3a81c02531af8de102e9c8b1f015cab88
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59716D75A00215AFCB10EF68C885AEEBBF5FF88310F148459E916EB351DB34EE418B91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 0088AEF9
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0088AF0E
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 0088AF6F
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 0088AF9D
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 0088AFBC
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 0088AFFD
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0088B020
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e89020897a81ec8bf8e4239da43ba6ac5c884f43d32a8901692559821d5e6d13
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2e0a1f8b7ef2f1a6c7b0102e40210fe50c8a61140bf01fd11fe16c7f19dda707
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e89020897a81ec8bf8e4239da43ba6ac5c884f43d32a8901692559821d5e6d13
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB5115A06047D53DFB3A62348C45BBABFE9BB46304F08858AE2E5D54C2D7D8ACC4D752
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 0088AD19
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0088AD2E
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 0088AD8F
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0088ADBB
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0088ADD8
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0088AE17
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0088AE38
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                            • String ID:
• API String ID: 87235514-0
• Opcode ID: 3eb1507b96529414c1399e24c91211e34d6a62a4e9294eb3570fefbb36c8d55e
• Instruction ID: 05b07c37cfd2792d5a844b7eab6cc3c01a9ebe780868c96b9832421599bbf0d9
• Opcode Fuzzy Hash: 3eb1507b96529414c1399e24c91211e34d6a62a4e9294eb3570fefbb36c8d55e
• Instruction Fuzzy Hash: 5A51E6A15047D53DFB3AA3348C95B7ABF98FB46301F08898AE1D5D68C2D394EC84D752
APIs
• GetConsoleCP.KERNEL32(00863CD6,?,?,?,?,?,?,?,?,00855BA3,?,?,00863CD6,?,?), ref: 00855470
• __fassign.LIBCMT ref: 008554EB
• __fassign.LIBCMT ref: 00855506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00863CD6,00000005,00000000,00000000), ref: 0085552C
• WriteFile.KERNEL32(?,00863CD6,00000000,00855BA3,00000000,?,?,?,?,?,?,?,?,?,00855BA3,?), ref: 0085554B
• WriteFile.KERNEL32(?,?,00000001,00855BA3,00000000,?,?,?,?,?,?,?,?,?,00855BA3,?), ref: 00855584
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: ea3281cf7358ddd138d81f1395427732208d9266b1c19570595f570d55d95759
• Instruction ID: 6ca298bd5d533463a27fc54649d777e122820c1d4112117a16d5abd02b7f5449
• Opcode Fuzzy Hash: ea3281cf7358ddd138d81f1395427732208d9266b1c19570595f570d55d95759
• Instruction Fuzzy Hash: 9551C5B1A006499FDB10CFA8D855AEEBBF9FF09301F14412AF955E7291E7309A45CF60
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 008B6C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 008B6C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 008B6C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0089AB79,00000000,00000000), ref: 008B6C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 008B6CC7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID: pJ
• API String ID: 3688381893-3211412816
• Opcode ID: bc34d0a75cd2b592dd4a85a5bd33c01afa20ec8762045f84d5c2852db6015299
• Instruction ID: 9d4ea9361c48876c3f21aa04c1742d02cdea7c1b1d59bc889e3b62f2dea16832
• Opcode Fuzzy Hash: bc34d0a75cd2b592dd4a85a5bd33c01afa20ec8762045f84d5c2852db6015299
• Instruction Fuzzy Hash: C641A235A04108AFDB24CF28CC68FE97FA5FB09360F140268E995E73A0E375AD61CA50
APIs
• _ValidateLocalCookies.LIBCMT ref: 00842D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00842D53
• _ValidateLocalCookies.LIBCMT ref: 00842DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00842E0C
• _ValidateLocalCookies.LIBCMT ref: 00842E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: 30c5373af0678623f616a653d2feb8cbbce01898867aa540199022d884b434e3
• Instruction ID: 05013e509d2958f451040edd51935e417c7f14c5d0034a411409ae6c3dedea75
• Opcode Fuzzy Hash: 30c5373af0678623f616a653d2feb8cbbce01898867aa540199022d884b434e3
• Instruction Fuzzy Hash: C7418A34E0420DABCF10DF68C885A9EBBB5FF45328F548165F815EB292D735AA11CB91
APIs
  • Part of subcall function 008A304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 008A307A
  • Part of subcall function 008A304E: _wcslen.LIBCMT ref: 008A309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 008A1112
• WSAGetLastError.WSOCK32 ref: 008A1121
• WSAGetLastError.WSOCK32 ref: 008A11C9
• closesocket.WSOCK32(00000000), ref: 008A11F9
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0b5d15a7776c213845675fe75c8d452615994a076fd4f084461ff678cf79872f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c5ce30d9de5b9801f96d61eafe8397f0ff79545ff9c4a1d471be27ba06b6f278
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b5d15a7776c213845675fe75c8d452615994a076fd4f084461ff678cf79872f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2541F431600214AFEB109F18D888BA9B7E9FF46364F148159F915DB291DB70ED81CBE1
APIs
  • Part of subcall function 0088DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0088CF22,?), ref: 0088DDFD
  • Part of subcall function 0088DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0088CF22,?), ref: 0088DE16
• lstrcmpiW.KERNEL32(?,?), ref: 0088CF45
• MoveFileW.KERNEL32(?,?), ref: 0088CF7F
• _wcslen.LIBCMT ref: 0088D005
• _wcslen.LIBCMT ref: 0088D01B
• SHFileOperationW.SHELL32(?), ref: 0088D061
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: c6763dade7d98b44bde55f6b9143ac37c9cbe684d78a95642374dcaee6c787f8
• Instruction ID: da139ad8e5060606e5f1f321bda636de6c407ace08420bc44674ed64473e7382
• Opcode Fuzzy Hash: c6763dade7d98b44bde55f6b9143ac37c9cbe684d78a95642374dcaee6c787f8
• Instruction Fuzzy Hash: CB4101719452185FDF12FBA4D981ADEB7B9FF08380F1000A6E645EB142EF74AA89CB51
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008B3E35
• IsMenu.USER32(?), ref: 008B3E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 008B3E92
• DrawMenuBar.USER32 ref: 008B3EA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0$pJ
• API String ID: 3076010158-3497692993
• Opcode ID: 7e24f3124adb3013733216f5866f1e326096ddbd97ef5a5ccf768261af2a3c8a
• Instruction ID: 0c4747cff6b06d4bb70f25580ed1e2067a4f494d44723cb0762a8ab669449af4
• Opcode Fuzzy Hash: 7e24f3124adb3013733216f5866f1e326096ddbd97ef5a5ccf768261af2a3c8a
• Instruction Fuzzy Hash: 5C411275A01209EFDB20DF64D884AEABBB9FF49354F04412AE905AB750D730EE44CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00887769
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0088778F
                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00887792
                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 008877B0
                                                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 008877B9
                                                                                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 008877DE
                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 008877EC
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00887842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00887868
• SysAllocString.OLEAUT32(00000000), ref: 0088786B
• SysAllocString.OLEAUT32 ref: 0088788C
• SysFreeString.OLEAUT32 ref: 00887895
• StringFromGUID2.OLE32(?,?,00000028), ref: 008878AF
• SysAllocString.OLEAUT32(?), ref: 008878BD
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 008904F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0089052E
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 008905C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00890601
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a229d6cb33cf9de0653b963c500b03c47de6f43606c2224c1750ccf9bdb9c443
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9bb2b30ba2dabd958bfe864b8887c2b1c14cd02c17e880a6020e55f0133af672
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a229d6cb33cf9de0653b963c500b03c47de6f43606c2224c1750ccf9bdb9c443
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D2151755003059FDF21AF699C04A9A77E8FFA5724F240B19F8A1E72E0D7709960CF20
APIs
• GetSysColor.USER32(00000008), ref: 008398CC
• SetTextColor.GDI32(?,?), ref: 008398D6
• SetBkMode.GDI32(?,00000001), ref: 008398E9
• GetStockObject.GDI32(00000005), ref: 008398F1
• GetWindowLongW.USER32(?,000000EB), ref: 00839952
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Color$LongModeObjectStockTextWindow
• String ID: pJ
• API String ID: 1860813098-3211412816
• Opcode ID: 803251941eca461a9ea5a9bcd9e6d2db499c38c74217f2162120613d3ad88da0
• Instruction ID: 766b5e580df8492cb945f4c6f7a34f0b8c1c94bb73f94cda91594386c656db22
• Opcode Fuzzy Hash: 803251941eca461a9ea5a9bcd9e6d2db499c38c74217f2162120613d3ad88da0
• Instruction Fuzzy Hash: C33126325492909FC7128F38EC54AA53FA0FF97331B18029DE9D2CA1B1C7724952DB90
APIs
  • Part of subcall function 0082600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0082604C
  • Part of subcall function 0082600E: GetStockObject.GDI32(00000011), ref: 00826060
  • Part of subcall function 0082600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0082606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 008B4112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 008B411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 008B412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 008B4139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 008B4145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: 67a06b6b8977975554608ab7439cb3333ef34e216fd607255eda5a6ca48451f5
• Instruction ID: 952cb7745f472d7e136d448c5091c4cc58fe5c279b73d4cec6ecf35248bc3162
• Opcode Fuzzy Hash: 67a06b6b8977975554608ab7439cb3333ef34e216fd607255eda5a6ca48451f5
• Instruction Fuzzy Hash: C71190B215021DBEEF119E68CC86EE77F9DFF19798F004111BA18E2150C6729C61DBA4
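The SendMessageW calls in the record above are progress-bar control messages: Msctls_Progress32 is the window class of the common-controls progress bar, and the message numbers are WM_USER+n (PBM_*) and CCM_FIRST+1 (CCM_SETBKCOLOR, aliased as PBM_SETBKCOLOR). The decoder below is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses call lines in the report's own format, names each message from the documented Win32 constants, and unpacks the MAKELPARAM-encoded range. The sample input is the record's call lines copied verbatim. Decoded, the sequence is plain control initialisation (both colours set to CLR_DEFAULT, position 0, range 0..100, step 1); reading it as the AutoIt runtime's progress-control setup is an inference from the report's "compiled AutoIt script" verdict, not something this record states.

```python
import re

# Documented Win32 constants for the progress bar common control.
WM_USER = 0x0400
CCM_FIRST = 0x2000
WM_SETFONT = 0x0030
CLR_DEFAULT = 0xFF000000

PROGRESS_MESSAGES = {
    WM_USER + 1: "PBM_SETRANGE",
    WM_USER + 2: "PBM_SETPOS",
    WM_USER + 3: "PBM_DELTAPOS",
    WM_USER + 4: "PBM_SETSTEP",
    WM_USER + 5: "PBM_STEPIT",
    WM_USER + 6: "PBM_SETRANGE32",
    WM_USER + 7: "PBM_GETRANGE",
    WM_USER + 8: "PBM_GETPOS",
    WM_USER + 9: "PBM_SETBARCOLOR",
    CCM_FIRST + 1: "PBM_SETBKCOLOR",  # == CCM_SETBKCOLOR
}

# Matches the report's call-line format; lParam is optional because the
# report prints only the arguments it recovered (see the WM_SETFONT line).
CALL_RE = re.compile(
    r"SendMessageW\.USER32\((?P<hwnd>[0-9A-F?]+),(?P<msg>[0-9A-F]{8}),"
    r"(?P<wparam>[0-9A-F]{8})(?:,(?P<lparam>[0-9A-F]{8}))?\), ref: (?P<ref>[0-9A-F]{8})"
)

# Constructed input: the call lines of the record above, copied as printed.
RECORD = [
    "• Part of subcall function 0082600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0082606A",
    "• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 008B4112",
    "• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 008B411F",
    "• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 008B412A",
    "• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 008B4139",
    "• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 008B4145",
]


def loword(v):
    return v & 0xFFFF


def hiword(v):
    return (v >> 16) & 0xFFFF


def decode_call(line):
    """Decode one SendMessageW line into {ref, msg, detail}; None if it is not one."""
    m = CALL_RE.search(line)
    if not m:
        return None
    msg = int(m["msg"], 16)
    wparam = int(m["wparam"], 16)
    lparam = int(m["lparam"] or "0", 16)
    if msg == WM_SETFONT:
        name = "WM_SETFONT"
        detail = f"hFont=0x{wparam:X} redraw={bool(loword(lparam))}"
    else:
        name = PROGRESS_MESSAGES.get(msg, f"0x{msg:04X}")
        if name == "PBM_SETRANGE":          # lParam = MAKELPARAM(min, max)
            detail = f"range {loword(lparam)}..{hiword(lparam)}"
        elif name == "PBM_SETPOS":
            detail = f"position {wparam}"
        elif name == "PBM_SETSTEP":
            detail = f"step {wparam}"
        elif name in ("PBM_SETBARCOLOR", "PBM_SETBKCOLOR"):  # lParam = COLORREF
            detail = "CLR_DEFAULT" if lparam == CLR_DEFAULT else f"COLORREF 0x{lparam:06X}"
        else:
            detail = f"wParam=0x{wparam:X} lParam=0x{lparam:X}"
    return {"ref": m["ref"], "msg": name, "detail": detail}


def summarize(lines):
    """Return (decoded calls, True if the record is a full progress-bar setup)."""
    calls = [c for c in (decode_call(l) for l in lines) if c]
    names = {c["msg"] for c in calls}
    is_setup = {"PBM_SETRANGE", "PBM_SETPOS", "PBM_SETSTEP"} <= names
    return calls, is_setup


if __name__ == "__main__":
    for c in summarize(RECORD)[0]:
        print(f"{c['ref']}  {c['msg']:<16} {c['detail']}")
```

The point of running this over a report record is triage speed: a record whose calls all decode to default-colour, zero-position, 0..100-range control setup is UI boilerplate and can be set aside, so attention goes to the records that matter for this sample, such as the clipboard, keystroke and process-creation functions listed in the signature overview.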
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0085D7A3: _free.LIBCMT ref: 0085D7CC
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D82D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D838
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D843
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D897
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D8A2
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D8AD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D8B8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0088DA74
• LoadStringW.USER32(00000000), ref: 0088DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0088DA91
• LoadStringW.USER32(00000000), ref: 0088DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0088DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0088DAB9
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(00ECE370,00ECE370), ref: 0089097B
• EnterCriticalSection.KERNEL32(00ECE350,00000000), ref: 0089098D
• TerminateThread.KERNEL32(?,000001F6), ref: 0089099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 008909A9
• CloseHandle.KERNEL32(?), ref: 008909B8
• InterlockedExchange.KERNEL32(00ECE370,000001F6), ref: 008909C8
• LeaveCriticalSection.KERNEL32(00ECE350), ref: 008909CF
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 008A1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 008A1DE1
• WSAGetLastError.WSOCK32 ref: 008A1DF2
• htons.WSOCK32(?,?,?,?,?), ref: 008A1EDB
• inet_ntoa.WSOCK32(?), ref: 008A1E8C
  • Part of subcall function 008839E8: _strlen.LIBCMT ref: 008839F2
  • Part of subcall function 008A3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0089EC0C), ref: 008A3240
• _strlen.LIBCMT ref: 008A1F35
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
APIs
• GetClientRect.USER32(?,?), ref: 00825D30
• GetWindowRect.USER32(?,?), ref: 00825D71
• ScreenToClient.USER32(?,?), ref: 00825D99
• GetClientRect.USER32(?,?), ref: 00825ED7
• GetWindowRect.USER32(?,?), ref: 00825EF8
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
APIs
• __allrem.LIBCMT ref: 008500BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008500D6
• __allrem.LIBCMT ref: 008500ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0085010B
• __allrem.LIBCMT ref: 00850122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00850140
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008482D9,008482D9,?,?,?,0085644F,00000001,00000001,8BE85006), ref: 00856258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0085644F,00000001,00000001,8BE85006,?,?,?), ref: 008562DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008563D8
• __freea.LIBCMT ref: 008563E5
  • Part of subcall function 00853820: RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
• __freea.LIBCMT ref: 008563EE
• __freea.LIBCMT ref: 00856413
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 008AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008AB6AE,?,?), ref: 008AC9B5
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008AC9F1
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA68
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA9E
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008ABCCA
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008ABD25
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 008ABD6A
                                                                                                                                                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 008ABD99
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 008ABDF3
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 008ABDFF
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 174073dd920ef607677446f7b9e0d527d28ba41ed5d49939dd85b9478aaf4836
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1aaec271e32be6c9dcd13963c9c1a12f02b310dffa920434c40751e61e19ec75
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 174073dd920ef607677446f7b9e0d527d28ba41ed5d49939dd85b9478aaf4836
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F818F71208241EFD714DF24C895E2ABBE5FF85308F14896CF5998B2A2DB31ED45CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000035), ref: 0087F7B9
                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000001), ref: 0087F860
                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(0087FA64,00000000), ref: 0087F889
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(0087FA64), ref: 0087F8AD
                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(0087FA64,00000000), ref: 0087F8B1
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0087F8BB
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: 936c5520202094cd625d6ec8b655ef1e2fbaf61e237a18587afe95252394036c
• Instruction ID: d6776a27d986a6ae55aee5d81f96d5bd2195b19f5fa726393ce5f06e53024d99
• Opcode Fuzzy Hash: 936c5520202094cd625d6ec8b655ef1e2fbaf61e237a18587afe95252394036c
• Instruction Fuzzy Hash: 2751B531500314AACF10AB6AD895769B7A4FF45314F24D466EB09EF29BDB70CC40D7A7
APIs
  • Part of subcall function 00827620: _wcslen.LIBCMT ref: 00827625
  • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 008994E5
• _wcslen.LIBCMT ref: 00899506
• _wcslen.LIBCMT ref: 0089952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00899585
Strings
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: d50b03734b0ad6abfee9704e58454e46300f43ff89e6924de766350abc74a6b7
• Instruction ID: 5eb0a435737c0040e67540e28008be2efa0c2a3e596940e21937f7167eed8c2c
• Opcode Fuzzy Hash: d50b03734b0ad6abfee9704e58454e46300f43ff89e6924de766350abc74a6b7
• Instruction Fuzzy Hash: BFE18F315043509FDB14EF28D881A6AB7E4FF84314F09896DE899DB3A2DB31DD45CB92
APIs
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
• BeginPaint.USER32(?,?,?), ref: 00839241
• GetWindowRect.USER32(?,?), ref: 008392A5
• ScreenToClient.USER32(?,?), ref: 008392C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008392D3
                                                                                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00839321
                                                                                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008771EA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839339: BeginPath.GDI32(00000000), ref: 00839357
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 6142b6fd07dc453860f84b8ef97ccadaa445d1159eead32ed1a931d530a918ef
• Instruction ID: 5110df22e336143018812b61c8e1d7714a61a88d6fe01e6c47ff1812b6c8766c
• Opcode Fuzzy Hash: 6142b6fd07dc453860f84b8ef97ccadaa445d1159eead32ed1a931d530a918ef
• Instruction Fuzzy Hash: FC419270104201EFDB11DF28CC88FBA7BA8FB95324F140669F9A5D72A1D7B19845DBA2
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0089080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00890847
• EnterCriticalSection.KERNEL32(?), ref: 00890863
• LeaveCriticalSection.KERNEL32(?), ref: 008908DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008908F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00890921
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: d0becf291b19b746bdf87d851a088c7f84cd1789703667a273260157db4a9fa0
• Instruction ID: 805a2037bcd5bb033e1bd96a2e88b968ae1a533dcba19da33ae9214653f3fd2e
• Opcode Fuzzy Hash: d0becf291b19b746bdf87d851a088c7f84cd1789703667a273260157db4a9fa0
• Instruction Fuzzy Hash: 0D415671A00205AFDF14AF58DC85AAA77B9FF44300F1440A9E900EE297DB30DE60DBA1
APIs
• IsWindowVisible.USER32(?), ref: 00884C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00884CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00884CEA
• _wcslen.LIBCMT ref: 00884D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00884D10
• _wcsstr.LIBVCRUNTIME ref: 00884D1A
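The API chain above is worth reading as a unit: the two SendMessageW calls pass message IDs 0x000E and 0x000D, which are WM_GETTEXTLENGTH and WM_GETTEXT in the Win32 SDK, so the function fetches a window's title text, upper-cases it with CharUpperBuffW and then searches it with _wcsstr, i.e. a case-insensitive window-title match of the kind an AutoIt window function performs. The script below is an added example written for this page, not Joe Sandbox output and not code from the sample: it parses the report's "APIs" line format into structured calls, decodes the SendMessageW message constants, and applies the title-match heuristic described here (the heuristic and all function names are the editor's own). The two sample blocks are copied from the APIs listings on this page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input copied from the report's "APIs" listings (the title-match
# function at 00884C95 and the ReadFile loop at 0089080C).
TITLE_MATCH_BLOCK = """
• IsWindowVisible.USER32(?), ref: 00884C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00884CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00884CEA
• _wcslen.LIBCMT ref: 00884D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00884D10
• _wcsstr.LIBVCRUNTIME ref: 00884D1A
"""

READ_LOOP_BLOCK = """
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0089080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00890847
• EnterCriticalSection.KERNEL32(?), ref: 00890863
• LeaveCriticalSection.KERNEL32(?), ref: 008908DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008908F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00890921
"""

# One "APIs" line: optional bullet, optional "Part of subcall function XXXX:"
# prefix, Name.MODULE, an optional "(args)" list, then "ref: <hex address>".
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Win32 window-message constants seen in the sample (from the Windows SDK).
WINDOW_MESSAGES = {0x000D: "WM_GETTEXT", 0x000E: "WM_GETTEXTLENGTH"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]  # None where the report prints '?'
    ref: int                   # address of the call site
    subcall: bool              # True for "Part of subcall function" lines


def parse_args(text: Optional[str]) -> List[Optional[int]]:
    """Turn '?,0000000D,00000001' into [None, 0xD, 0x1]; no list -> []."""
    if not text:
        return []
    return [None if tok.strip() == "?" else int(tok, 16)
            for tok in text.split(",")]


def parse_api_lines(block: str) -> List[ApiCall]:
    """Parse every line of a Joe Sandbox 'APIs' block; skip non-matching lines."""
    calls = []
    for line in block.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        calls.append(ApiCall(
            name=m.group("name"),
            module=m.group("module"),
            args=parse_args(m.group("args")),
            ref=int(m.group("ref"), 16),
            subcall="Part of subcall function" in line,
        ))
    return calls


def decode_messages(calls: List[ApiCall]) -> Dict[int, str]:
    """Map each SendMessageW call site to the name of the message it sends."""
    out = {}
    for c in calls:
        if c.name == "SendMessageW" and len(c.args) > 1 and c.args[1] is not None:
            out[c.ref] = WINDOW_MESSAGES.get(c.args[1], f"0x{c.args[1]:04X}")
    return out


def is_window_title_match(calls: List[ApiCall]) -> bool:
    """Editor's heuristic: WM_GETTEXTLENGTH, then WM_GETTEXT, then
    CharUpperBuffW, then _wcsstr, in that order, means the function reads a
    window title and does a case-insensitive substring match on it."""
    wanted = [
        lambda c: c.name == "SendMessageW" and len(c.args) > 1 and c.args[1] == 0x000E,
        lambda c: c.name == "SendMessageW" and len(c.args) > 1 and c.args[1] == 0x000D,
        lambda c: c.name == "CharUpperBuffW",
        lambda c: c.name == "_wcsstr",
    ]
    pos = 0
    for pred in wanted:
        while pos < len(calls) and not pred(calls[pos]):
            pos += 1
        if pos == len(calls):
            return False
        pos += 1
    return True


if __name__ == "__main__":
    for label, block in (("title match", TITLE_MATCH_BLOCK), ("read loop", READ_LOOP_BLOCK)):
        calls = parse_api_lines(block)
        print(label, decode_messages(calls), is_window_title_match(calls))
```

The same parser can be pointed at any other "APIs" block in this report; only the ordering heuristic is specific to the window-title pattern, and it deliberately ignores the IsWindowVisible and _wcslen calls so that a variant with those calls reordered still matches.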
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: e27a47eec065da4fcf965024e3eee4c6171eb3bd7e88c90dc8e4f0483dd1106b
• Instruction ID: 755797299c70b6fce12da170c13d2cfa1cf7e257faa8c6287abc339d082224b1
• Opcode Fuzzy Hash: e27a47eec065da4fcf965024e3eee4c6171eb3bd7e88c90dc8e4f0483dd1106b
• Instruction Fuzzy Hash: 60212633604206BBEB656B39EC09E7B7B9CFF45754F10902EF805CA192EA61DC0093A1
APIs
  • Part of subcall function 00823AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00823A97,?,?,00822E7F,?,?,?,00000000), ref: 00823AC2
• _wcslen.LIBCMT ref: 0089587B
• CoInitialize.OLE32(00000000), ref: 00895995
• CoCreateInstance.OLE32(008BFCF8,00000000,00000001,008BFB68,?), ref: 008959AE
• CoUninitialize.OLE32 ref: 008959CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 05c6ac80fd10a71a1186d3d0505fb2d1ad8f45789226cd8f712e997f4d931046
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0340783ddb6af0e60283a1511d616139ed0aeb9fe2ced9dbd037f3b31dbc22e3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 05c6ac80fd10a71a1186d3d0505fb2d1ad8f45789226cd8f712e997f4d931046
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3FD163716047119FCB04EF29D480A2ABBE1FF89724F188859F889DB361DB31ED45CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00880FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00880FCA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00880FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00880FD6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00880FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00880FE5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00880FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00880FEC
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00880FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00881002
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000000,00881335), ref: 008817AE
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008817BA
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 008817C1
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 008817DA
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00881335), ref: 008817EE
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 008817F5
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 209dfce4b095cf8d7015ec141ab7e8f18e3d76521ea5a0c7f20ac9163339277e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7e1cbbcc0549398b99f05fa2dca03c946694d4f4af566679eb82739fc2c16a65
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 209dfce4b095cf8d7015ec141ab7e8f18e3d76521ea5a0c7f20ac9163339277e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6119772600205EBDF10AFA8DC49BAE7BADFB41359F104119F481E7214CB36A946CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008814FF
                                                                                                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00881506
                                                                                                                                                                                                                                                                                                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00881515
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000004), ref: 00881520
                                                                                                                                                                                                                                                                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0088154F
                                                                                                                                                                                                                                                                                                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00881563
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a3440a150f9c49c30348fe196e8f698e6800a444f14ea2bb9814169c07f208c3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 101fac8515ea499087dda2a0805f8c3358dd6c704a38f0392c8f327d49ef7469
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3440a150f9c49c30348fe196e8f698e6800a444f14ea2bb9814169c07f208c3
• Instruction Fuzzy Hash: E611567250420DABDF119FA8ED49FDE7BAEFF48708F044124FA05A2160C7718E62DB60
APIs
• GetLastError.KERNEL32(?,?,00843379,00842FE5), ref: 00843390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0084339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008433B7
• SetLastError.KERNEL32(00000000,?,00843379,00842FE5), ref: 00843409
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 77639913387dd86530ee983a381832ff2496e3ff2093cd8ac51fceafb5d72b10
• Instruction ID: c79fc6acced7ef97e874ba0b2653f08f5d4323470b4c803ad26be14959dd2964
• Opcode Fuzzy Hash: 77639913387dd86530ee983a381832ff2496e3ff2093cd8ac51fceafb5d72b10
• Instruction Fuzzy Hash: 6501F733A0972ABFA6292B787CC5A672F94FB257797200329F420C53F1FF114E026544
APIs
• GetLastError.KERNEL32(?,?,00855686,00863CD6,?,00000000,?,00855B6A,?,?,?,?,?,0084E6D1,?,008E8A48), ref: 00852D78
• _free.LIBCMT ref: 00852DAB
• _free.LIBCMT ref: 00852DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0084E6D1,?,008E8A48,00000010,00824F4A,?,?,00000000,00863CD6), ref: 00852DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0084E6D1,?,008E8A48,00000010,00824F4A,?,?,00000000,00863CD6), ref: 00852DEC
• _abort.LIBCMT ref: 00852DF2
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 7f7d5586f492539a7a183091b987d6293de6b7bbae9680feb39968f59fbd5032
• Instruction ID: f5bb3f9ab0246e1b44e5afd211f53b67c75a94c3ac009a9af80f1b782852c155
• Opcode Fuzzy Hash: 7f7d5586f492539a7a183091b987d6293de6b7bbae9680feb39968f59fbd5032
• Instruction Fuzzy Hash: 3CF0A432544A046BC212373CAC06E5A2A69FBC37A7F244519FC24E2292EF24880E4162
APIs
  • Part of subcall function 00839639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00839693
  • Part of subcall function 00839639: SelectObject.GDI32(?,00000000), ref: 008396A2
  • Part of subcall function 00839639: BeginPath.GDI32(?), ref: 008396B9
  • Part of subcall function 00839639: SelectObject.GDI32(?,00000000), ref: 008396E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 008B8A4E
• LineTo.GDI32(?,00000003,00000000), ref: 008B8A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 008B8A70
• LineTo.GDI32(?,00000000,00000003), ref: 008B8A80
• EndPath.GDI32(?), ref: 008B8A90
• StrokePath.GDI32(?), ref: 008B8AA0
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: ced089823e5619f5972ec0a9a21f46284766c1e0c68f43d5192c56075fb5afe8
• Instruction ID: 8dbaf112088da70ffd64852db0c06739dfe8db1812a40728f8b103431a2c4a07
• Opcode Fuzzy Hash: ced089823e5619f5972ec0a9a21f46284766c1e0c68f43d5192c56075fb5afe8
• Instruction Fuzzy Hash: 03110576400119FFEF129F94DC88EAA7F6CFB08390F008122FA599A1A1D7719D55DFA0
APIs
• GetDC.USER32(00000000), ref: 00885218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00885229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00885230
• ReleaseDC.USER32(00000000,00000000), ref: 00885238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0088524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00885261
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: abc2ed9751a64cc071a278bfa05790d414bf938c2ff083cd0ec7708b9a5fef93
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: de700759f9412719621b7ab873a3f0a6d641980281246608eb8b15ef99683359
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: abc2ed9751a64cc071a278bfa05790d414bf938c2ff083cd0ec7708b9a5fef93
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1016275E40718BBEB10ABAA9C49E5EBFB8FF48751F044165FA04E7291DA709C00CFA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00821BF4
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00821BFC
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00821C07
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00821C12
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00821C1A
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00821C22
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6e7c39a2687ec14d8c2d81263f08c6392070172a180d88fa738f2bfb85848607
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: be596a76f7549e4a8ab4e39f15ad1a29e936905b34182a58a4acc5f0ce722efc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e7c39a2687ec14d8c2d81263f08c6392070172a180d88fa738f2bfb85848607
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B0167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0088EB30
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0088EB46
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 0088EB55
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0088EB64
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0088EB6E
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0088EB75
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4cafdfdc92ee2ef8e28a4a2baf0ded3777bb1fc938e33b7bc249d22e959e5467
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8f7c097e189b62b045c58b611461e93eca7814aa85447e3519cdd6827ae71914
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4cafdfdc92ee2ef8e28a4a2baf0ded3777bb1fc938e33b7bc249d22e959e5467
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BCF01772240158BBE6215B629C0EEEB7B7CFBCBB11F000269FA11E1191A6A05A0186B5
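The record above is the "ask the window to close, then kill its process" pattern: message 0x10 is WM_CLOSE, SendMessageTimeoutW is called with SMTO_ABORTIFHUNG (2) and a 0x1F4 = 500 ms timeout, and OpenProcess requests 001F0FFF = PROCESS_ALL_ACCESS before TerminateProcess. The MapVirtualKeyW record two entries earlier translates the modifier virtual-key codes 0x5B (VK_LWIN), 0x10 (VK_SHIFT), 0xA0/0xA1 (VK_LSHIFT/VK_RSHIFT), 0x11 (VK_CONTROL) and 0x12 (VK_MENU) to scan codes, the setup a keystroke-injection routine needs. Both are consistent with the AutoIt runtime functions (WinKill and Send) one would expect in the compiled AutoIt script the report identifies, so on their own they are runtime behaviour, not evidence of what the script does with it. The following Python is an added example and is not part of the Joe Sandbox report or of the sample: it parses the report's "APIs" lines (the two records are embedded as constructed input copied from the listing), names the Win32 constants per argument position, and flags the force-close chain. The ARITY table and the treatment of printed arguments beyond an API's documented parameter count as stack residue are assumptions of this example.

```python
"""Decode Joe Sandbox 'APIs' call listings into named Win32 constants and flag a
window-kill call chain. Added illustration; not code from the report or sample."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed samples: the call lines of two function records, copied from the
# report text above. Format: "<API>.<MODULE>(<hex args>), ref: <address>".
SAMPLE_KILL = """\
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0088EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0088EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0088EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0088EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0088EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0088EB75
"""
SAMPLE_KEYS = """\
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00821BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00821BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00821C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00821C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00821C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00821C22
"""

LINE_RE = re.compile(r"^\s*•?\s*(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)\s*$")

# Documented parameter counts. The plugin prints more stack slots than the API
# takes; assumption: the extra slots are residue of earlier calls, which is why
# the WM_CLOSE/SMTO values reappear after OpenProcess's three real arguments.
ARITY = {"PostMessageW": 4, "SendMessageTimeoutW": 7, "GetWindowThreadProcessId": 2,
         "OpenProcess": 3, "TerminateProcess": 2, "CloseHandle": 1, "MapVirtualKeyW": 2}

WM = {0x0010: "WM_CLOSE", 0x0012: "WM_QUIT"}
SMTO = {0x0000: "SMTO_NORMAL", 0x0001: "SMTO_BLOCK", 0x0002: "SMTO_ABORTIFHUNG"}
PROCESS_ACCESS = {0x001F0FFF: "PROCESS_ALL_ACCESS", 0x0001: "PROCESS_TERMINATE"}
VK = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN",
      0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
# API -> (argument index -> name table); only positions carrying constants are listed
ARG_TABLES: Dict[str, Dict[int, Dict[int, str]]] = {
    "PostMessageW": {1: WM}, "SendMessageTimeoutW": {1: WM, 4: SMTO},
    "OpenProcess": {0: PROCESS_ACCESS}, "MapVirtualKeyW": {0: VK},
}

Call = Tuple[str, str, List[str], int]  # (api, module, raw args, ref address)


def parse_calls(text: str) -> List[Call]:
    """Parse one 'APIs' listing; lines that are not call records are skipped."""
    calls: List[Call] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        api, module, args, ref = m.groups()
        raw = [a.strip() for a in args.split(",")] if args.strip() else []
        calls.append((api, module, raw[:ARITY.get(api, len(raw))], int(ref, 16)))
    return calls


def hexval(raw: str) -> Optional[int]:
    """'?' marks a value the plugin could not resolve statically."""
    return None if raw == "?" else int(raw, 16)


def decode_arg(api: str, index: int, raw: str) -> str:
    value = hexval(raw)
    if value is None:
        return "?"
    name = ARG_TABLES.get(api, {}).get(index, {}).get(value)
    return f"{name} (0x{value:X})" if name else f"0x{value:X}"


def describe(calls: List[Call]) -> List[str]:
    return [f"{ref:08X}  {api}({', '.join(decode_arg(api, i, a) for i, a in enumerate(args))})"
            for api, _module, args, ref in calls]


FORCE_CLOSE_CHAIN = ["PostMessageW", "SendMessageTimeoutW", "GetWindowThreadProcessId",
                     "OpenProcess", "TerminateProcess", "CloseHandle"]


def detect_force_close(calls: List[Call]) -> bool:
    """True when the listing contains the 'ask nicely, then kill' chain: WM_CLOSE is
    posted to a window, its owning process is opened with rights that include
    PROCESS_TERMINATE, and TerminateProcess follows, all in order."""
    names = iter(c[0] for c in calls)
    if not all(step in names for step in FORCE_CLOSE_CHAIN):  # ordered subsequence
        return False
    wm_close = any(api == "PostMessageW" and hexval(args[1]) == 0x0010
                   for api, _m, args, _r in calls)
    can_kill = any(api == "OpenProcess" and (hexval(args[0]) or 0) & 0x0001
                   for api, _m, args, _r in calls)
    return wm_close and can_kill


if __name__ == "__main__":
    for sample in (SAMPLE_KILL, SAMPLE_KEYS):
        calls = parse_calls(sample)
        print("\n".join(describe(calls)))
        print("force-close chain:", detect_force_close(calls), "\n")
```

Run against the kill record the decoder prints PROCESS_ALL_ACCESS (0x1F0FFF) for OpenProcess and SMTO_ABORTIFHUNG (0x2) for the timeout flags, and detect_force_close returns True; for the MapVirtualKeyW record it names the six modifier keys and the chain check returns False. Triaging on the chain alone would flag every AutoIt binary, so a useful rule pairs it with what the script targets (the window titles or class names passed to the calls, which this listing leaves as "?").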
APIs
• GetClientRect.USER32(?), ref: 00877452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00877469
• GetWindowDC.USER32(?), ref: 00877475
• GetPixel.GDI32(00000000,?,?), ref: 00877484
• ReleaseDC.USER32(?,00000000), ref: 00877496
• GetSysColor.USER32(00000005), ref: 008774B0
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7aacc2dca4cfe15daccdfeca4a7b507fa30a7b9e29f577bcf1a5b0a8c9923392
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6cac793bd4000f6d131ed6bf719b371d673d1d95e8162072d32d71e6f68f849d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7aacc2dca4cfe15daccdfeca4a7b507fa30a7b9e29f577bcf1a5b0a8c9923392
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89014B31400219EFDB515F64DC08FAA7BB5FB04315F514264FA19A21A1CB315E51EB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0088187F
                                                                                                                                                                                                                                                                                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 0088188B
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00881894
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0088189C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 008818A5
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 008818AC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c1d0dda42be1e202b89db95ea7d9e018747eb0d5bcee55d27c9ae3819ca45ae7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ded2cdadd5451f97da8a292d4e79c36f6238d6ec96ab62a2126c4aad648fb3c2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1d0dda42be1e202b89db95ea7d9e018747eb0d5bcee55d27c9ae3819ca45ae7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9E0E576004101BBDB015FA9ED0C90AFF79FF49B22B508321F22591170CB329420DF60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 008AAEA3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00827620: _wcslen.LIBCMT ref: 00827625
                                                                                                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 008AAF38
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008AAF67
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bb33ddfb5c9f3ef54f318941a6fe68953f980335c8b714e886264da3d334abf5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cab932fe531ee9f74e33c9a75e33bcbc1f41299ee897e1b082d982f70c18c763
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb33ddfb5c9f3ef54f318941a6fe68953f980335c8b714e886264da3d334abf5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0716A70A00219DFDB18DF58D484A9EBBF0FF09310F048499E856ABB52CB74ED81CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 008B62E2
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 008B6315
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 008B6382
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ClientMoveRectScreen
• String ID: pJ
• API String ID: 3880355969-3211412816
• Opcode ID: 5489c915ffaa0b7f0cece7239c2dc839d49da8a3a27ad2938e2f9b25b678f1e3
• Instruction ID: a4d3ce094bc08ba82370d565a0ba9bf5c0343f3ae17efbd1c7f9b9111748e2b6
• Opcode Fuzzy Hash: 5489c915ffaa0b7f0cece7239c2dc839d49da8a3a27ad2938e2f9b25b678f1e3
• Instruction Fuzzy Hash: 35511774A00209EFDB10DF68D8849AE7BB5FB59360F108269F915DB3A0E774AD91CB90
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00887206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0088723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0088724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008872CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: 306a00885446eef4dc1f051c14614783e20363ea8bb9ebc5abd506c4415613bb
• Instruction ID: aef0593f6160376237d1ea6d4e88ccf0b5f588515e41a7b10fe8545d45fc5e84
• Opcode Fuzzy Hash: 306a00885446eef4dc1f051c14614783e20363ea8bb9ebc5abd506c4415613bb
• Instruction Fuzzy Hash: D3416F71A04208EFDB15DF54C884A9A7BB9FF45314F2480A9BD0AEF21AD7B1D944CBA0
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0088C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 0088C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,008F1990,J), ref: 0088C395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0$J
• API String ID: 135850232-3283964329
• Opcode ID: 4be5835d2f65fa5488371d427a6e7a2b2530fd2c7b5bbeb39f9fa0803f0a2216
• Instruction ID: 300111c609ac8fdfbc09966aa5a700ea6c5693518dddf30f243c722bbb209c83
• Opcode Fuzzy Hash: 4be5835d2f65fa5488371d427a6e7a2b2530fd2c7b5bbeb39f9fa0803f0a2216
• Instruction Fuzzy Hash: 9F418C712043019FD720EF29D885B5ABBE8FF85324F148A2DF9A5D7395D730A905CB62
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 008B5352
• GetWindowLongW.USER32(?,000000F0), ref: 008B5375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 008B5382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008B53A8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID: pJ
• API String ID: 3340791633-3211412816
• Opcode ID: 3c84b0b417d6e09e3286f09a87673f99367382deae8d14d401319ff7872f4eb0
• Instruction ID: f0300fd892880ef7a98d97b13c5bd26cf0234e3c0b0128c90360a3908f9d6e03
• Opcode Fuzzy Hash: 3c84b0b417d6e09e3286f09a87673f99367382deae8d14d401319ff7872f4eb0
• Instruction Fuzzy Hash: AD319E34A55A0CEFEB309A14CC55FE977E5FB0E390F584102BA11D63E1C7B5A9809B52
APIs
• ClientToScreen.USER32(?,?), ref: 008B769A
• GetWindowRect.USER32(?,?), ref: 008B7710
• PtInRect.USER32(?,?,008B8B89), ref: 008B7720
• MessageBeep.USER32(00000000), ref: 008B778C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: pJ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1352109105-3211412816
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c45055e7863b4f01507cb4944725e14525a1d8a32594a8a1aeaad75162d76109
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b57d631b1348e9600e345803998ee89deef4bd6b187af3fe26bcee1ddffe6ee7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c45055e7863b4f01507cb4944725e14525a1d8a32594a8a1aeaad75162d76109
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11418934A09354DFDB11CF68C898EE9BBF4FB99304F1541A8E815DB361CB70A941CB90
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00881E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00881E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00881EA9
  • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
Strings
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: 2def5fda9d80ad5683195ee1426bdee37ff6f9b0282db98792de20e256da1a00
• Instruction ID: b923767e4dc4b9866d1989a722571c8ab2270e6633a7fedfacaf1fae144e57fa
• Opcode Fuzzy Hash: 2def5fda9d80ad5683195ee1426bdee37ff6f9b0282db98792de20e256da1a00
• Instruction Fuzzy Hash: C421E471A00108ABDB14AB68EC49CFFB7ADFF56364B144129F825E72E1DB7449468720
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 008B4705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 008B4713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 008B471A
Strings
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32$pJ
• API String ID: 4014797782-1198534841
• Opcode ID: cb2dc76f2b84d5ca85b3e7a9c638ac75b1ad5fe04553384d9f9699f357fdf254
• Instruction ID: f41f41544404f165ecc57f6acc3ed1bfcca901f036074bac7e7398bc839528b6
• Opcode Fuzzy Hash: cb2dc76f2b84d5ca85b3e7a9c638ac75b1ad5fe04553384d9f9699f357fdf254
• Instruction Fuzzy Hash: BB215EB5600209AFEB10DF68DC86DBB37ADFB5A3A4B040059FA01DB351DB71EC51CA61
APIs
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
• GetCursorPos.USER32(?), ref: 008B9001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00877711,?,?,?,?,?), ref: 008B9016
• GetCursorPos.USER32(?), ref: 008B905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00877711,?,?,?), ref: 008B9094
Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: pJ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2864067406-3211412816
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fd47ff73b36a0e18a4fbcaf062d42661647906020793a67eada34099f792c63c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9a1167df6578cf52f5d6e71409125919cb14cb8d70ef43f18bbc45c8cd83a9ed
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd47ff73b36a0e18a4fbcaf062d42661647906020793a67eada34099f792c63c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76219F35600418EFCB259FA4C898EFA7BF9FB8A360F044165FA4587262D3719951DBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 008B2F8D
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 008B2F94
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 008B2FA9
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 008B2FB1
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cee7518ad3997fc7ead7081c87ca554b09a310851fb3de4dcfd9252846f015fd
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 66cf679f4554ecb5ffa9b38953055e9d2fa1b377b8c6761ffa55b42727eb1a0b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cee7518ad3997fc7ead7081c87ca554b09a310851fb3de4dcfd9252846f015fd
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4218C71214209ABEF205F64DC84EFB77B9FB59364F104628F950D6390DB71DC919760
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00844D1E,008528E9,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002), ref: 00844D8D
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00844DA0
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00844D1E,008528E9,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002,00000000), ref: 00844DC3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d2e37efcd2959def67e4a404c899bf4ddc21380f12510dd7d169e14002ae1179
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 16ba808345e2b026fbbcc3ff8cb0fa9611cd5a3cc50713f0224b85f209e01df6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2e37efcd2959def67e4a404c899bf4ddc21380f12510dd7d169e14002ae1179
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44F04935A4021CFBDB159F94DC49BAEBBB9FF44752F0001A8F90AE2260CB759A44DE91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32 ref: 0087D3AD
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0087D3BF
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0087D3E5
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8bf23a61de33eda616b5953dc36c4d9b482dc7977c7208d5f34d718eecb07786
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d1498792d1bc33bef72434598a940278fbacf075252e1770b5c1f32b1c0778fb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bf23a61de33eda616b5953dc36c4d9b482dc7977c7208d5f34d718eecb07786
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3FF05531801B248BC77057148C5896E7334FF21B05F55C254FA0EF636EEB60DC4686D2
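The function entries above are the raw material behind the report's "Contains functionality to dynamically determine API calls" signature: each LoadLibrary/GetModuleHandle call followed by GetProcAddress names the import the binary resolves at run time (CorExitProcess from mscoree.dll, GetSystemWow64DirectoryW, Wow64DisableWow64FsRedirection). The following script is an added example, not part of the Joe Sandbox report or its tooling: it parses the "APIs" lines in the report's own format, pairs each GetProcAddress with the module named by the nearest preceding load call, and recomputes the "API ID" key. The key rule (CamelCase words of the called APIs, minus the tokens A, W, Ex and Get, with repeated words listed first and separated by "$") is an assumption inferred from the three keys visible in these entries, not Joe Sandbox's documented algorithm; the function names parse_api_lines, resolved_imports and api_id_key are mine. The sample call lines are copied from the entries on this page.

```python
import re
from collections import Counter

# Call lines copied from three function entries in this report, keyed by the
# "API ID" the report prints for each entry (so the key rule can be checked).
SAMPLE_ENTRIES = {
    "MessageSend$DestroyLibraryLoadWindow": """\
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 008B2F8D
• LoadLibraryW.KERNEL32(?), ref: 008B2F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 008B2FA9
• DestroyWindow.USER32(?), ref: 008B2FB1""",
    "AddressFreeHandleLibraryModuleProc": """\
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00844D1E,008528E9,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002), ref: 00844D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00844DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00844D1E,008528E9,?,00844CBE,008528E9,008E88B8,0000000C,00844E15,008528E9,00000002,00000000), ref: 00844DC3""",
    "Library$AddressFreeLoadProc": """\
• LoadLibraryA.KERNEL32 ref: 0087D3AD
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0087D3BF
• FreeLibrary.KERNEL32(00000000), ref: 0087D3E5""",
}

# The fourth entry on the page (its API ID is not visible, so it is kept apart).
SAMPLE_WOW64 = """\
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00824EAE
• FreeLibrary.KERNEL32(00000000,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824EC0"""

API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"    # SendMessageW.USER32
    r"(?:\((?P<args>.*)\))?"                      # optional (arg,arg,...)
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"   # ref: 008B2F8D
)
HEX_WORD = re.compile(r"[0-9A-Fa-f]{8}")          # a pointer/handle value the report could not name


def parse_api_lines(text):
    """Parse one entry's API list; lines that are not call lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = m["args"]
        calls.append({"api": m["api"], "module": m["module"],
                      "args": args.split(",") if args else [], "ref": int(m["ref"], 16)})
    return calls


def resolved_imports(calls):
    """Pair each GetProcAddress with the module of the closest preceding
    LoadLibrary*/GetModuleHandle* call; None when only '?' or a raw value was captured."""
    found, module = [], None
    for c in calls:
        if c["api"].startswith(("LoadLibrary", "GetModuleHandle")):
            module = next((a for a in c["args"]
                           if a not in ("", "?") and not HEX_WORD.fullmatch(a)), None)
        elif c["api"] == "GetProcAddress" and len(c["args"]) >= 2:
            found.append((module, c["args"][1]))   # second argument is the name looked up
    return found


# Assumption (inferred from the keys above, not Joe Sandbox's documented rule).
STOP_WORDS = {"A", "W", "Ex", "Get"}


def split_camel(name):
    return re.findall(r"[A-Z][a-z0-9]*", name)


def api_id_key(calls):
    counts = Counter(w for c in calls for w in split_camel(c["api"]) if w not in STOP_WORDS)
    repeated = "".join(sorted(w for w, n in counts.items() if n > 1))
    single = "".join(sorted(w for w, n in counts.items() if n == 1))
    return "$".join(part for part in (repeated, single) if part)


def check_sample_keys():
    """Return {reported_key: recomputed_key} for every sample entry."""
    return {key: api_id_key(parse_api_lines(text)) for key, text in SAMPLE_ENTRIES.items()}


def triage(texts=tuple(SAMPLE_ENTRIES.values()) + (SAMPLE_WOW64,)):
    """Flatten every run-time resolved import across the given entries."""
    return [imp for text in texts for imp in resolved_imports(parse_api_lines(text))]


if __name__ == "__main__":
    for reported, computed in check_sample_keys().items():
        print(f"{reported:40} {'ok' if reported == computed else computed}")
    for module, func in triage():
        print(f"{module or '<unknown module>'} -> {func}")
```

Run on the entries above it recovers all three reported keys and lists mscoree.dll -> CorExitProcess, an unnamed module -> GetSystemWow64DirectoryW (the report captured no argument for that LoadLibraryA) and kernel32.dll -> Wow64DisableWow64FsRedirection. The first two are ordinary CRT and AutoIt runtime idioms; it is the full list of resolved names across a sample, not any single pair, that is worth reviewing when triaging a report like this one.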
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00824EAE
• FreeLibrary.KERNEL32(00000000,?,?,00824EDD,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824EC0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8b8c062ce5670ab6e550b0defb20f9f35353110698825672767725ec3d893c3a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 397285f2be94e52c3d7f64a0fb161be155f0e910b48e361d9c42a0d9a9736ca8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b8c062ce5670ab6e550b0defb20f9f35353110698825672767725ec3d893c3a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58E08639A016325BA2311B29BC18A5F7658FF81F727060215FC10E2300DBA4CD4240B0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00863CDE,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E62
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00824E74
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00863CDE,?,008F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00824E87
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5e24a078feaa7a1b9025964266ddc51f73bd1138c436d6d7243d1675dbd04a12
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5eb56b319fb2637dcc527cde878c5dc768dc815edbb32ef02f9397cda878414b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e24a078feaa7a1b9025964266ddc51f73bd1138c436d6d7243d1675dbd04a12
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9D01239502632576A221B297C1CD8F7B18FF85B713460615F915F6224CF64CD4285F0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00892C05
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 00892C87
                                                                                                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00892C9D
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00892CAE
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00892CC0
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ee633ff20e7eb1f3f95847a7fa9b6048a2fa0c09ae47f6031343dc95fdf291f2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 96a616efab4f18c419453c464a31fd4d3619e0c50f6550cd6e8d26158f91589c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee633ff20e7eb1f3f95847a7fa9b6048a2fa0c09ae47f6031343dc95fdf291f2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13B13F72D0012DABDF21EBA8CC85EDEB7BDFF49354F1440A6F509E6151EA309A448F61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 008AA427
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 008AA435
                                                                                                                                                                                                                                                                                                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 008AA468
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008AA63D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: c091d9c205b35af916f14c4ad8faac907f3eda66ff8ae2c5f981cdaa748172ba
• Instruction ID: cd8e5de334048449d0dd3a4f8c1330061d3f9924ef554ee72d65ae551a2f97a2
• Opcode Fuzzy Hash: c091d9c205b35af916f14c4ad8faac907f3eda66ff8ae2c5f981cdaa748172ba
• Instruction Fuzzy Hash: 9FA17C716043009FE724DF28D886B2AB7E5FB88714F14881DF55ADB692DBB0EC41CB92
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,008C3700), ref: 0085BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,008F121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0085BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,008F1270,000000FF,?,0000003F,00000000,?), ref: 0085BC36
• _free.LIBCMT ref: 0085BB7F
  • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
  • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
• _free.LIBCMT ref: 0085BD4B
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
• Opcode ID: 9b1cb538e450f263edafb964faee35be8aae5feb6df0cace06c9f9a446437d9d
• Instruction ID: f5c42dc3c16121aae2107dbdd85d853d11f76c51281b0da2d5630aaac5b173a0
• Opcode Fuzzy Hash: 9b1cb538e450f263edafb964faee35be8aae5feb6df0cace06c9f9a446437d9d
• Instruction Fuzzy Hash: 93510971900209EFCB10DFB99C85DBEB7B8FF51362B10026AE950E7291EB709D49CB51
APIs
  • Part of subcall function 0088DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0088CF22,?), ref: 0088DDFD
  • Part of subcall function 0088DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0088CF22,?), ref: 0088DE16
  • Part of subcall function 0088E199: GetFileAttributesW.KERNEL32(?,0088CF95), ref: 0088E19A
• lstrcmpiW.KERNEL32(?,?), ref: 0088E473
• MoveFileW.KERNEL32(?,?), ref: 0088E4AC
• _wcslen.LIBCMT ref: 0088E5EB
• _wcslen.LIBCMT ref: 0088E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0088E650
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: 060d70ac2dfab1f86d143cfe4f0f667c5753c4b0b82c6980f3ece26fdd790d14
• Instruction ID: 549350bd5d2bb0c02802f1002ea2551504f0e39fe75946cf236073528f7b6444
• Opcode Fuzzy Hash: 060d70ac2dfab1f86d143cfe4f0f667c5753c4b0b82c6980f3ece26fdd790d14
• Instruction Fuzzy Hash: 1D512EB24087455BC724EBA4D8819DFB7ECFF94340F00492EE589D3191EF74A688876B
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 008AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008AB6AE,?,?), ref: 008AC9B5
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008AC9F1
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA68
  • Part of subcall function 008AC998: _wcslen.LIBCMT ref: 008ACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008ABAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008ABB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 008ABB63
• RegCloseKey.ADVAPI32(?,?), ref: 008ABBA6
• RegCloseKey.ADVAPI32(00000000), ref: 008ABBB3
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 336185b373edc91950499ffc2a404b4b1a9c7f207f45f41c2554d80d9dea180c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7d270c499ad617a25aae72b14057f6a4ec6c0aa20bc3ef361e66fbc216eb71cb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 336185b373edc91950499ffc2a404b4b1a9c7f207f45f41c2554d80d9dea180c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8061A031208245EFD314DF24C490E2ABBE5FF85318F54856CF4998B6A2DB31ED46CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00888BCD
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00888C3E
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00888C9D
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00888D10
                                                                                                                                                                                                                                                                                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00888D3B
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 89abc530be6b1e4b07761088793ed891c362a499ee95bf8994c39e34ddc7fafe
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ece6abb752760c21f44c72fa94b2e9a26f1e849b4f80bb5ab07c465259b37425
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89abc530be6b1e4b07761088793ed891c362a499ee95bf8994c39e34ddc7fafe
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 735179B5A00219EFCB10DF68C894AAABBF9FF89314B158559F909DB354E730E911CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00898BAE
                                                                                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00898BDA
                                                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00898C32
                                                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00898C57
                                                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00898C5F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a607113d6caef73605bd3e873a18bb79fdc6394c8e4fec4234166714280bf3f6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: dd3512891b36f28875721f527cced3719384b0106add3a92bff4c01f276db436
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a607113d6caef73605bd3e873a18bb79fdc6394c8e4fec4234166714280bf3f6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E513835A00219DFCB05EF69C881A69BBF5FF49314F088458E849AB362DB35ED51CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 008A8F40
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 008A8FD0
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 008A8FEC
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 008A9032
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 008A9052
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0083F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00891043,?,7644E610), ref: 0083F6E6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0083F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0087FA64,00000000,00000000,?,?,00891043,?,7644E610,?,0087FA64), ref: 0083F70D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 473a2e50c12b673df95c8f1c91db358712c6eb6793607114dd2584a5b141517c
• Instruction ID: 96330b1129c866658c4c98c1f895bc833ce90d57fa5a2f2365f7c455b5b5665b
• Opcode Fuzzy Hash: 473a2e50c12b673df95c8f1c91db358712c6eb6793607114dd2584a5b141517c
• Instruction Fuzzy Hash: FC512634605615DFDB11DF58C4848A9BBF1FF4A314B0980A8E84AEB762DB31ED86CB91
APIs
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 11557e36bafb9c7db61791e87387cb8ec1e31a0ec38ad1e9cc5ab3a172d228f0
• Instruction ID: 30f3dfafd188ba289d1245c0d72946a47ea55e218dffabf03321b8cd3100445a
• Opcode Fuzzy Hash: 11557e36bafb9c7db61791e87387cb8ec1e31a0ec38ad1e9cc5ab3a172d228f0
• Instruction Fuzzy Hash: 5B41D132E006049FCB24DF78C981A5EB7A5FF8A315F1545A8EA15EB392DB31AD05CB81
APIs
• GetCursorPos.USER32(?), ref: 00839141
• ScreenToClient.USER32(00000000,?), ref: 0083915E
• GetAsyncKeyState.USER32(00000001), ref: 00839183
• GetAsyncKeyState.USER32(00000002), ref: 0083919D
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: cf087b5d10f8414c314743925f62db225b70b42662a32622ffd6a283d8705db6
• Instruction ID: 3b20dd26bf348f8a1b39b0f64fc933238eeaf21dc279ded487b7e22565ca0b29
• Opcode Fuzzy Hash: cf087b5d10f8414c314743925f62db225b70b42662a32622ffd6a283d8705db6
• Instruction Fuzzy Hash: 5C416F31A0860AFBDF159F68C844BEEB774FB45324F208229E469E3294C774A950CFA1
APIs
• GetInputState.USER32 ref: 008938CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00893922
• TranslateMessage.USER32(?), ref: 0089394B
• DispatchMessageW.USER32(?), ref: 00893955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00893966
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: d1e6fec1705dd191bb508543173caeb0e81758fa5b0774a51d4ccec6b10dcda5
• Instruction ID: 879032ed9b21ec134d810e24297fff0de603682d75e5ca583f297f23fac7d469
• Opcode Fuzzy Hash: d1e6fec1705dd191bb508543173caeb0e81758fa5b0774a51d4ccec6b10dcda5
• Instruction Fuzzy Hash: 3A31DF70904346DEEF35EB359808FB67FA8FB16304F0C0569E466D25A0E3B4AA85CB21
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0089C21E,00000000), ref: 0089CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 0089CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,0089C21E,00000000), ref: 0089CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0089C21E,00000000), ref: 0089CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0089C21E,00000000), ref: 0089CFF2
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3191363074-0
APIs
• GetWindowRect.USER32(?,?), ref: 00881915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 008819C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 008819C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 008819DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 008819E2
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 008B5745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 008B579D
• _wcslen.LIBCMT ref: 008B57AF
• _wcslen.LIBCMT ref: 008B57BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 008B5816
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
APIs
• IsWindow.USER32(00000000), ref: 008A0951
• GetForegroundWindow.USER32 ref: 008A0968
• GetDC.USER32(00000000), ref: 008A09A4
• GetPixel.GDI32(00000000,?,00000003), ref: 008A09B0
• ReleaseDC.USER32(00000000,00000003), ref: 008A09E8
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 936286eb0ce197282f63c4696be81326685f778e08059a49b592ff7cb5ce0fb3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0fd7e2253a1cc7e93a698c973f1f442cb38ece964e91b618ebe91014356730cf
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 936286eb0ce197282f63c4696be81326685f778e08059a49b592ff7cb5ce0fb3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39218135A00214AFDB04EF69D989AAEBBE9FF49700F04816CF84AD7752CB70AC44CB51
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0085CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0085CDE9
  • Part of subcall function 00853820: RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0085CE0F
• _free.LIBCMT ref: 0085CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0085CE31
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 0986a84061d46e9840685d8c934ad018370f8d3da2f641c1f7163e1c8b386e6b
• Instruction ID: df70a40b2259317737924fc7fc79c24567688bb68dbe3b96d6a10bb10900b213
• Opcode Fuzzy Hash: 0986a84061d46e9840685d8c934ad018370f8d3da2f641c1f7163e1c8b386e6b
• Instruction Fuzzy Hash: C6018F726023157F27211ABAAC8AD7B7E6DFEC6BA23150229FD05D7201EB618D0589B1
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00839693
• SelectObject.GDI32(?,00000000), ref: 008396A2
• BeginPath.GDI32(?), ref: 008396B9
• SelectObject.GDI32(?,00000000), ref: 008396E2
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 7f480d73f955e7f8920197fdfbb96b1b418c2701304990c27b6cd1beec10e8eb
• Instruction ID: dfa282de2b8a6d481c05145f99243ca51ffa1652a24858d3705a2ef21b626a79
• Opcode Fuzzy Hash: 7f480d73f955e7f8920197fdfbb96b1b418c2701304990c27b6cd1beec10e8eb
• Instruction Fuzzy Hash: 6B216D30902205EBDF119F29DC19BB93FA8FBA0315F504216F450E61A0E3F09892CFD0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 650b19fb6b37e6bbcd160c4f4bc4589da55db442ac2cd27f854bc9c4afa49927
• Instruction ID: ae0a61a46456851af9c992ef25986c67b631d6dbddc40fc62ebcc6ce1e1af087
• Opcode Fuzzy Hash: 650b19fb6b37e6bbcd160c4f4bc4589da55db442ac2cd27f854bc9c4afa49927
• Instruction Fuzzy Hash: 2501927564161EBAE60875149D82EFB635CFB213A8F40C020FE14DA342F768ED5083A5
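The blocks above are Joe Sandbox per-function records: the API references with their call-site addresses (a "Part of subcall function" line belongs to a callee, not to the function itself), the memory dump the function was lifted from, and the Similarity fields (API ID, opcode and instruction fuzzy hashes) used to match the function against known code. With a report of this size the records are more useful extracted than read. The Python below is an added example, not Joe Sandbox code and not part of this report: it parses records in this layout into objects, orders each function's direct calls by call-site address, and checks that ordered chain against a pattern. The two embedded records are abridged copies of records from this page; the function names and the `ENV_NARROWING` pattern are the example's own choices.

```python
"""Parser for Joe Sandbox per-function records as rendered on a report page.

Each record opens with an "APIs" line, lists API references as bullets
("• Name.MODULE(args), ref: ADDR"; a "Part of subcall function X:" prefix
marks a call made by callee X), and carries its Similarity fields
(API ID, fuzzy hashes) as "Key: value" bullets.  Added example, not
Joe Sandbox code.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One API reference line after the bullet has been stripped, e.g.
#   "WideCharToMultiByte.KERNEL32(00000000,?), ref: 0085CDE9"
#   "_free.LIBCMT ref: 0085CE22"
#   "Part of subcall function 00853820: RtlAllocateHeap.NTDLL(...), ref: 00853852"
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
# "Key: value" bullets; only the keys below are kept as record metadata.
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
META_KEYS = {"Snapshot File", "API ID", "String ID", "API String ID", "Opcode ID",
             "Instruction ID", "Opcode Fuzzy Hash", "Instruction Fuzzy Hash"}


@dataclass
class ApiRef:
    name: str
    module: str
    args: List[str]
    ref: int                          # call-site address
    subcall_of: Optional[int] = None  # callee that actually contains the call, if any


@dataclass
class FunctionRecord:
    apis: List[ApiRef] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)

    def api_chain(self) -> List[str]:
        """Direct calls of this function in call-site order; subcall entries excluded."""
        return [a.name for a in sorted(self.apis, key=lambda a: a.ref) if a.subcall_of is None]


def parse_records(text: str) -> List[FunctionRecord]:
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line == "APIs":            # every record opens with this header
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None:               # tail of a record cut off before the first "APIs"
            continue
        m = API_RE.match(line)
        if m:
            args = [a.strip() for a in m.group("args").split(",")] if m.group("args") is not None else []
            cur.apis.append(ApiRef(
                name=m.group("name"), module=m.group("module"), args=args,
                ref=int(m.group("ref"), 16),
                subcall_of=int(m.group("sub"), 16) if m.group("sub") else None))
            continue
        m = KV_RE.match(line)
        if m and m.group("key") in META_KEYS:
            cur.meta[m.group("key")] = m.group("val")
    return records


def has_api_chain(record: FunctionRecord, pattern: List[str]) -> bool:
    """True if `pattern` occurs in order (not necessarily adjacent) in the direct call chain."""
    it = iter(record.api_chain())
    return all(any(name == wanted for name in it) for wanted in pattern)


def records_matching(text: str, pattern: List[str]) -> List[str]:
    """API IDs of the records whose direct call chain contains `pattern` in order."""
    return [r.meta.get("API ID", "?") for r in parse_records(text) if has_api_chain(r, pattern)]


# Two records from this report, abridged (some metadata bullets dropped, values unchanged).
SAMPLE = """
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0085CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0085CDE9
  • Part of subcall function 00853820: RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0085CE0F
• _free.LIBCMT ref: 0085CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0085CE31
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Instruction Fuzzy Hash: C6018F726023157F27211ABAAC8AD7B7E6DFEC6BA23150229FD05D7201EB618D0589B1
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00839693
• SelectObject.GDI32(?,00000000), ref: 008396A2
• BeginPath.GDI32(?), ref: 008396B9
• SelectObject.GDI32(?,00000000), ref: 008396E2
Similarity
• API ID: ObjectSelect$BeginCreatePath
• API String ID: 3225163088-0
"""

# Pattern chosen for this example (the shape of a C runtime routine that builds a
# narrow copy of the wide environment block); it is not a Joe Sandbox signature.
ENV_NARROWING = ["GetEnvironmentStringsW", "WideCharToMultiByte", "FreeEnvironmentStringsW"]

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.meta.get("API ID"), "->", " > ".join(rec.api_chain()))
    print("environment-narrowing records:", records_matching(SAMPLE, ENV_NARROWING))
```

The first record's chain (GetEnvironmentStringsW, two WideCharToMultiByte calls, FreeEnvironmentStringsW, with a heap allocation in a callee) is the shape of the C runtime building a narrow copy of the process environment at startup, so a match on it says nothing about the sample's own behaviour. The value of parsing chains this way is to separate such runtime and AutoIt-interpreter boilerplate from the functions behind the signatures at the top of the report (foreground window and pixel reads, clipboard access, keystroke queries, listening sockets), which are the ones worth opening in the disassembler.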
APIs
• GetLastError.KERNEL32(?,?,?,0084F2DE,00853863,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6), ref: 00852DFD
• _free.LIBCMT ref: 00852E32
• _free.LIBCMT ref: 00852E59
• SetLastError.KERNEL32(00000000,00821129), ref: 00852E66
• SetLastError.KERNEL32(00000000,00821129), ref: 00852E6F
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c19bd70d84ff07f75b551e83eb746d1cfa251a9fffd83fd2b71470a10ae85452
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 792b99a0e36df28d18a622b11dc2dc5a9f147a008126897c4054804f9145e736
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c19bd70d84ff07f75b551e83eb746d1cfa251a9fffd83fd2b71470a10ae85452
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC01F432645A006BC71267786C87D2B2B99FBD73BBB644129FC21E2293EF349C0D4122
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?,?,0088035E), ref: 0088002B
                                                                                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880046
                                                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880054
                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?), ref: 00880064
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0087FF41,80070057,?,?), ref: 00880070
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9738b11108540665fcf630e27257e5b92508977d6058f45041f80eb65dad2fb9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 70ddca12f2b1ae9d06bf698d22c8f9cf9b2dc78336e8a618285edf5f84df9d56
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9738b11108540665fcf630e27257e5b92508977d6058f45041f80eb65dad2fb9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C01AD72600605BFDB51AF68DC04BAA7BEDFF48792F144224F905D6210E771DD449BA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0088E997
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0088E9A5
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 0088E9AD
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0088E9B7
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32 ref: 0088E9F3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 64ec1cba3fc2a79fae91ffd961d579e956a29a5940e0678c35ca348444a62ae3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4523e8ece75ae5b28b8e56fd0c50932bc91ca3c42e5c49d379acb5cffcf54b86
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64ec1cba3fc2a79fae91ffd961d579e956a29a5940e0678c35ca348444a62ae3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C011331D01A2DDBCF00ABE9ED59AEDBF78FF09701F010656E942F2241CB7096548BA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00881114
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881120
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 0088112F
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00880B9B,?,?,?), ref: 00881136
                                                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0088114D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 77d93323bcccbcd0ae4ea8998700ffcdcff9f2c21cb50a2c769fcb0d577862e1
• Instruction ID: 1163c47039a680696f790f43a84d8fd893b1e2889685ff2baf44208945238af7
• Opcode Fuzzy Hash: 77d93323bcccbcd0ae4ea8998700ffcdcff9f2c21cb50a2c769fcb0d577862e1
• Instruction Fuzzy Hash: 4F011979200605BFDB115FA9DC4DAAA3F6EFF893A0B204519FA45D7360DE31DC019B60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00880FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00880FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00880FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00880FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00881002
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: cdb968fd5db020faf1e1946b2909336bc41130622b421397fcbbd52eb01b5f6c
• Instruction ID: bfa6a92f5dddb742dd2486d0f0e2b6575dabc34fd1293215f6dd263530dd6cde
• Opcode Fuzzy Hash: cdb968fd5db020faf1e1946b2909336bc41130622b421397fcbbd52eb01b5f6c
• Instruction Fuzzy Hash: FCF04975200701ABDB216FA89C4DF563FADFF89B62F104525FA45D6251CA70DC418A60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 0088102A
• GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00881036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00881045
• HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 0088104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00881062
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 25a9e0236f006b216d79791a4665e3420a59c56c864629389e5530fc4d8f7395
• Instruction ID: b2b94eaa05c041626392540b28a4ab323bffa82a78c701c20e63bb859be3d550
• Opcode Fuzzy Hash: 25a9e0236f006b216d79791a4665e3420a59c56c864629389e5530fc4d8f7395
• Instruction Fuzzy Hash: 49F04975200701ABDB21AFA8EC4DF573FADFF89761F100525FA45D6250CA70E8418A60
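The two GetTokenInformation entries above show the standard size-probe idiom: a first call with TokenInformationLength 0, a GetLastError check (the expected result is ERROR_INSUFFICIENT_BUFFER), a GetProcessHeap/HeapAlloc pair, and a second call with the real buffer. The following Python is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses API entries in this report's line format, decodes the TokenInformationClass argument from its raw numeric value using the winnt.h numbering (3 = TokenPrivileges, 25 = TokenIntegrityLevel) rather than trusting any label a tool prints beside it, and flags probe/allocate/query sequences. The first five input lines are copied from the TokenGroups entry of this report; the last five are constructed in the same shape with a deliberately mismatched label to show that the decoder follows the number. The regexes and the `Idiom` record are this example's own, not Joe Sandbox's.

```python
"""Parse Joe Sandbox 'APIs' entries and spot the GetTokenInformation
size-probe / HeapAlloc / query idiom. Added example; not report code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# TOKEN_INFORMATION_CLASS values from winnt.h (subset). The raw number in the
# call entry is authoritative; a label printed next to it is only a hint.
TOKEN_INFORMATION_CLASS = {
    1: "TokenUser", 2: "TokenGroups", 3: "TokenPrivileges", 4: "TokenOwner",
    8: "TokenType", 12: "TokenSessionId", 18: "TokenElevationType",
    20: "TokenElevation", 25: "TokenIntegrityLevel",
}

# One entry line looks like: "• Api.MODULE(arg,arg,...), ref: 0088102A"
CALL_RE = re.compile(
    r"^\s*(?:•\s*)?(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX_RE = re.compile(r"^([0-9A-Fa-f]{8})")  # "00000003(TokenIntegrityLevel)" -> 3


@dataclass
class Call:
    api: str
    module: str
    args: List[str]   # raw argument strings; "?" when the sandbox could not resolve one
    ref: int          # virtual address of the call site


@dataclass
class Idiom:
    cls: int
    name: str
    probe_ref: int
    query_ref: int
    checked_error: bool  # GetLastError directly after the probe (ERROR_INSUFFICIENT_BUFFER check)


def parse_calls(text: str) -> List[Call]:
    """Parse the bullet lines of an 'APIs' entry, skipping 'Part of subcall' lines."""
    calls = []
    for line in text.splitlines():
        if "Part of subcall" in line:
            continue
        m = CALL_RE.match(line)
        if m:
            args = [a.strip() for a in m.group("args").split(",")]
            calls.append(Call(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def arg_value(arg: str) -> Optional[int]:
    """32-bit value of an argument string, or None for '?' and symbolic labels."""
    m = HEX_RE.match(arg)
    return int(m.group(1), 16) if m else None


def token_class(call: Call) -> Optional[Tuple[int, str]]:
    """Decode TokenInformationClass (2nd parameter) of a GetTokenInformation call."""
    if call.api != "GetTokenInformation" or len(call.args) < 4:
        return None
    v = arg_value(call.args[1])
    if v is None:
        return None
    return v, TOKEN_INFORMATION_CLASS.get(v, f"TOKEN_INFORMATION_CLASS({v})")


def find_probe_alloc_query(calls: List[Call]) -> List[Idiom]:
    """Match GetTokenInformation(len=0) ... heap allocation ... GetTokenInformation(same class)."""
    hits = []
    for i, probe in enumerate(calls):
        tc = token_class(probe)
        if tc is None or arg_value(probe.args[3]) != 0:
            continue  # not a size probe: TokenInformationLength must be 0
        checked = i + 1 < len(calls) and calls[i + 1].api == "GetLastError"
        saw_alloc = False
        for later in calls[i + 1:]:
            if later.api in ("HeapAlloc", "RtlAllocateHeap", "LocalAlloc", "GlobalAlloc", "VirtualAlloc"):
                saw_alloc = True
            elif later.api == "GetTokenInformation":
                # The very next query must reuse the class with a real (non-zero or unresolved) length.
                if saw_alloc and token_class(later) == tc and arg_value(later.args[3]) != 0:
                    hits.append(Idiom(tc[0], tc[1], probe.ref, later.ref, checked))
                break
    return hits


def summarize(text: str) -> List[str]:
    """One human-readable line per detected idiom."""
    return [
        f"{h.name} (class {h.cls}): size probe @{h.probe_ref:08X}, query @{h.query_ref:08X}, "
        f"GetLastError checked={h.checked_error}"
        for h in find_probe_alloc_query(parse_calls(text))
    ]


# Constructed input. Lines 1-5 are copied from the TokenGroups entry of this report;
# lines 6-10 have the same shape with a deliberately wrong label next to the raw value 3.
SAMPLE = """\
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00880FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00880FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00880FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00880FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00881002
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0088102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00881036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00881045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0088104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00881062
"""

if __name__ == "__main__":
    for line in summarize(SAMPLE):
        print(line)
```

The matcher is deliberately strict: it only accepts a query that is the next GetTokenInformation after the probe and that reuses the same class, so two unrelated token queries in one function are not paired. Stack-spilled arguments (the repeated class value in the GetLastError and HeapAlloc entries) are ignored; only the positional TokenInformationClass and TokenInformationLength parameters drive the decision.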
APIs
• CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 00890324
• CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 00890331
• CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 0089033E
• CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 0089034B
• CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 00890358
• CloseHandle.KERNEL32(?,?,?,?,0089017D,?,008932FC,?,00000001,00862592,?), ref: 00890365
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: a67595812ecb0845d29dad65dab548031eb2ba8378ea78fb1d73649cb80b00cd
• Instruction ID: 408edb30e4d4cf5f8d842cc22e7d7d733cd76859fb2a1ac467bcc10f3cb9fcab
• Opcode Fuzzy Hash: a67595812ecb0845d29dad65dab548031eb2ba8378ea78fb1d73649cb80b00cd
• Instruction Fuzzy Hash: EC01A272800B159FCB30AF66D880412F7F5FF503153198A3FD19692A31C371A954EF80
APIs
• _free.LIBCMT ref: 0085D752
  • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
  • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D764
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D776
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D788
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0085D79A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dde47df4225a5637febab7dd4ae4c964382fce3c4a7f8b8ebc214f326ba33533
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7dec557a671a2e3547f34d2445dd5e11bad4ed8ea04135df25f98498ebbb43d5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dde47df4225a5637febab7dd4ae4c964382fce3c4a7f8b8ebc214f326ba33533
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9F06232904358AB8635FB68F9C1D567FDDFB093127A40805FC48EB602CB30FC888661
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00885C58
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00885C6F
                                                                                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00885C87
                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,0000040A), ref: 00885CA3
                                                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 00885CBD
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5bd1ee65c6ea364970dc66a1776b0753d3a3f41eac9496d728444371ef4d23e5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7c145ce4f2d8db9802031e8f0bb1f71ff064e6598b27834bfff831947396017d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bd1ee65c6ea364970dc66a1776b0753d3a3f41eac9496d728444371ef4d23e5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96018170500B04ABEB316B50EE4EFA67BB9FB11B05F00165DA583E14E1DBF4A9848F90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008522BE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000), ref: 008529DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008529C8: GetLastError.KERNEL32(00000000,?,0085D7D1,00000000,00000000,00000000,00000000,?,0085D7F8,00000000,00000007,00000000,?,0085DBF5,00000000,00000000), ref: 008529F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008522D0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008522E3
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 008522F4
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00852305
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ab5d33abed9099bfe3ccb74e3314f8dbf315286b4d68f5a0f2b41280ddd1d614
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 327638ac579cbb3ec002d0632501a2a7c28073ea663e75c945c8813a94b41d38
• Opcode Fuzzy Hash: ab5d33abed9099bfe3ccb74e3314f8dbf315286b4d68f5a0f2b41280ddd1d614
• Instruction Fuzzy Hash: F2F05E748101209F8A12EFB8BC41DA83F64F71A762B00051AF824E63B6CF310816EFE5
APIs
• EndPath.GDI32(?), ref: 008395D4
• StrokeAndFillPath.GDI32(?,?,008771F7,00000000,?,?,?), ref: 008395F0
• SelectObject.GDI32(?,00000000), ref: 00839603
• DeleteObject.GDI32 ref: 00839616
• StrokePath.GDI32(?), ref: 00839631
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: fd770c88f94220a4a7a089632a6bcfb7707d40b65b59d18b72f91f8881bca418
• Instruction ID: 17d0a58f0a7d09945232d3f5c2fafe85aac32f4a11e542857daf625c537dec72
• Opcode Fuzzy Hash: fd770c88f94220a4a7a089632a6bcfb7707d40b65b59d18b72f91f8881bca418
• Instruction Fuzzy Hash: 0EF03730106608EBDB226F69ED1CB793F65FB50322F448314F4A5A50F0E7B08996DFA0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: 6ae192aff7030181fbc16dd3736c98fd5c25ea1e083e714515d7381dcd29f6a6
• Instruction ID: ecd2e40f53dbb97b11ddcc68afd3e6a8d065abbf70c1e87705f6ca2866ec0964
• Opcode Fuzzy Hash: 6ae192aff7030181fbc16dd3736c98fd5c25ea1e083e714515d7381dcd29f6a6
• Instruction Fuzzy Hash: 0AD1D03190020A9ACF249F68C8ADBFAB7B1FF05706F240159ED01DBB90D3799D88CB91
APIs
  • Part of subcall function 00840242: EnterCriticalSection.KERNEL32(008F070C,008F1884,?,?,0083198B,008F2518,?,?,?,008212F9,00000000), ref: 0084024D
  • Part of subcall function 00840242: LeaveCriticalSection.KERNEL32(008F070C,?,0083198B,008F2518,?,?,?,008212F9,00000000), ref: 0084028A
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 008400A3: __onexit.LIBCMT ref: 008400A9
• __Init_thread_footer.LIBCMT ref: 008A7BFB
  • Part of subcall function 008401F8: EnterCriticalSection.KERNEL32(008F070C,?,?,00838747,008F2514), ref: 00840202
  • Part of subcall function 008401F8: LeaveCriticalSection.KERNEL32(008F070C,?,00838747,008F2514), ref: 00840235
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: 5$G$Variable must be of type 'Object'.
• API String ID: 535116098-3733170431
• Opcode ID: 657326a1be7f109fca2436b033be10d9459d2b4b41534767208fa05ecaecd884
• Instruction ID: f151f78f4c8fef578b6395bbf23c23522b9413eb90ada36eca824f86bbeddf11
• Opcode Fuzzy Hash: 657326a1be7f109fca2436b033be10d9459d2b4b41534767208fa05ecaecd884
• Instruction Fuzzy Hash: BB918A70A04209EFDB04EF98D8909BDB7B1FF4A304F108059F906DB692DB71AE85EB51
APIs
  • Part of subcall function 0088B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008821D0,?,?,00000034,00000800,?,00000034), ref: 0088B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00882760
  • Part of subcall function 0088B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008821FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0088B3F8
  • Part of subcall function 0088B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0088B355
  • Part of subcall function 0088B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00882194,00000034,?,?,00001004,00000000,00000000), ref: 0088B365
  • Part of subcall function 0088B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00882194,00000034,?,?,00001004,00000000,00000000), ref: 0088B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008827CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0088281A
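Triage note on the API list above: GetWindowThreadProcessId, OpenProcess with access 0x438 (PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION), VirtualAllocEx with MEM_COMMIT/PAGE_READWRITE, WriteProcessMemory, SendMessageW and ReadProcessMemory is the allocate-write-message-read sequence used to query a list-view or tree-view control owned by another process: a buffer is committed in the target, the request structure is written into it, the control is asked to fill it, and the result is read back. The message IDs in the stack values (0x1004 = LVM_GETITEMCOUNT, 0x1073 = LVM_GETITEMTEXTW, 0x1104 = TVM_GETITEMRECT, 0x1111 = TVM_HITTEST) match that reading, and it is the technique AutoIt's ControlListView/ControlTreeView functions use, so in a binary the report already identifies as a compiled AutoIt script this chain is runtime behaviour rather than injection on its own. The Python helper below is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses API lines in the report's own format, decodes the constants from winnt.h and commctrl.h, and flags the chain. The sample record is copied from the lines above; treating the values after a function's declared parameters as caller stack context is an assumption about how the report prints argument lists.

```python
"""Decode the API-call lines of one Joe Sandbox function record.

Added example; not part of the Joe Sandbox report or of the analysed sample.
Constants are from winnt.h / memoryapi.h / commctrl.h.  Treating the values
after a function's declared parameters as caller stack context is an
assumption about how the report prints argument lists.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One report line: optional "Part of subcall function X:" prefix, then
# Name.Module(arg,...), ref: ADDR.  Arguments are hex or "?" (unknown).
_LINE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

PROCESS_ACCESS = {  # winnt.h process access rights; 0x438 is their union
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0400: "PROCESS_QUERY_INFORMATION",
}
MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
PAGE_PROTECT = {0x04: "PAGE_READWRITE", 0x40: "PAGE_EXECUTE_READWRITE"}
WINDOW_MESSAGES = {  # commctrl.h: LVM_FIRST = 0x1000, TV_FIRST = 0x1100
    0x1004: "LVM_GETITEMCOUNT", 0x1073: "LVM_GETITEMTEXTW",
    0x1104: "TVM_GETITEMRECT", 0x1111: "TVM_HITTEST",
}
# Declared parameter counts; values after them are taken as caller context
# (assumption about the report's argument layout, see the module docstring).
PARAM_COUNT = {"OpenProcess": 3, "VirtualAllocEx": 5, "WriteProcessMemory": 5,
               "ReadProcessMemory": 5, "SendMessageW": 4,
               "GetWindowThreadProcessId": 2}
# Allocate-write-message-read chain for querying a control in another process.
CROSS_PROCESS_CHAIN = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                       "ReadProcessMemory", "SendMessageW"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list          # int for known values, None for "?"
    ref: int
    subcall: int | None  # address of the subcall the line is attributed to


def parse_api_lines(text: str) -> list[ApiCall]:
    """Parse every API line in the report's format; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        raw = [a.strip() for a in (m.group("args") or "").split(",") if a.strip()]
        args = [None if a == "?" else int(a, 16) for a in raw]
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             int(m.group("ref"), 16), sub))
    return calls


def decode_flags(value: int, table: dict) -> str:
    """Render a bit mask as OR-ed symbolic names, leaving unknown bits as hex."""
    names = [n for bit, n in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(f"0x{rest:x}")
    return "|".join(names) or "0"


def describe(call: ApiCall) -> str:
    """Readable line for the calls whose constants matter for triage."""
    a = call.args
    if call.name == "OpenProcess" and a and a[0] is not None:
        return f"OpenProcess access=0x{a[0]:x} ({decode_flags(a[0], PROCESS_ACCESS)})"
    if call.name == "VirtualAllocEx" and len(a) >= 5 and None not in a[3:5]:
        return (f"VirtualAllocEx type={decode_flags(a[3], MEM_FLAGS)} "
                f"protect={decode_flags(a[4], PAGE_PROTECT)}")
    if call.name == "SendMessageW" and len(a) >= 2 and a[1] is not None:
        return f"SendMessageW msg=0x{a[1]:x} ({WINDOW_MESSAGES.get(a[1], 'unknown')})"
    return call.name


def context_messages(call: ApiCall) -> list[str]:
    """Known message IDs among the values past the declared parameters."""
    n = PARAM_COUNT.get(call.name, len(call.args))
    return [WINDOW_MESSAGES[v] for v in call.args[n:] if v in WINDOW_MESSAGES]


def analyse(text: str) -> dict:
    calls = parse_api_lines(text)
    return {
        "calls": calls,
        "descriptions": [describe(c) for c in calls],
        "context_messages": sorted({m for c in calls for m in context_messages(c)}),
        "cross_process_chain": CROSS_PROCESS_CHAIN <= {c.name for c in calls},
    }


# Constructed input: the APIs list of this record, copied from the report.
SAMPLE_RECORD = """\
  • Part of subcall function 0088B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008821D0,?,?,00000034,00000800,?,00000034), ref: 0088B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00882760
  • Part of subcall function 0088B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008821FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0088B3F8
  • Part of subcall function 0088B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0088B355
  • Part of subcall function 0088B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00882194,00000034,?,?,00001004,00000000,00000000), ref: 0088B365
  • Part of subcall function 0088B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00882194,00000034,?,?,00001004,00000000,00000000), ref: 0088B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008827CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0088281A
"""

if __name__ == "__main__":
    result = analyse(SAMPLE_RECORD)
    print("\n".join(result["descriptions"]))
    print("caller-context messages:", result["context_messages"])
    print("cross-process control read chain:", result["cross_process_chain"])
```

Run against the record it prints the decoded OpenProcess mask and VirtualAllocEx flags, names the two tree-view messages sent directly and the two list-view messages found in caller context, and reports the chain as present. Feeding it the GDI record earlier on this page (EndPath, StrokeAndFillPath, ...) reports the chain as absent, which is the distinction a detection rule on these API lists needs to make.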
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9472b3fcb64b1668346078721449f316ae2c17777778b986efa1709231428af6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 34f58f54379466b7df2a31b193c88d71579e6168854153d747ff56b3c227e9a3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9472b3fcb64b1668346078721449f316ae2c17777778b986efa1709231428af6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29410D76900218BFDB10EBA8CD45ADEBBB8FF49700F104059FA55B7181DB706E45CB61
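The function above combines OpenProcess, VirtualAllocEx, Write/ReadProcessMemory, GetWindowThreadProcessId and SendMessageW, which is the same API set a shellcode injector uses, so it is worth decoding the arguments before calling it injection. The flags recorded here are MEM_COMMIT (0x1000) with PAGE_READWRITE (0x4), not an executable protection, and the SendMessageW message 0x1111 is a tree-view (SysTreeView32) message; allocating non-executable memory in another process is also what reading items out of a list-view or tree-view control owned by that process requires. The following triage helper is an added example, not Joe Sandbox code: it parses API-call lines in the format shown in this report, names the Win32 constants, and flags any VirtualAllocEx whose protection has a PAGE_EXECUTE bit set. The sample lines are copied from this report except the last, which is constructed to show what an executable allocation would look like; the constant tables are from winnt.h and commctrl.h.

```python
"""Decode Joe Sandbox API-call lines into Win32 constant names and flag remote
allocations that are executable.  Added example, not part of the report."""
import re

# Win32 constants (winnt.h / commctrl.h) for the arguments these calls take.
MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET",
             0x100000: "MEM_TOP_DOWN", 0x400000: "MEM_PHYSICAL"}
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
EXEC_MASK = 0xF0                  # any PAGE_EXECUTE* bit
TV_FIRST = 0x1100                 # tree-view message base (SysTreeView32)
TVM_NAMES = {TV_FIRST + 5: "TVM_GETCOUNT", TV_FIRST + 17: "TVM_HITTEST",
             TV_FIRST + 50: "TVM_INSERTITEMW"}

# "Api.MODULE(arg,arg,...), ref: ADDRESS" as printed by the report.
CALL_RE = re.compile(r"(\w+)\.(\w+)\((.*?)\), ref: ([0-9A-Fa-f]+)")


def parse_call(line):
    """Return {'api','module','args','ref'} or None; '?' and strings become None."""
    m = CALL_RE.search(line)
    if not m:
        return None
    api, module, args, ref = m.groups()
    values = [int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]{1,8}", a.strip()) else None
              for a in args.split(",")] if args else []
    return {"api": api, "module": module, "args": values, "ref": ref}


def decode_virtual_alloc_ex(call):
    """VirtualAllocEx(hProcess, lpAddress, dwSize, flAllocationType, flProtect).
    The report prints extra stack slots after the real arguments; only indexes
    3 and 4 matter here."""
    alloc, prot = call["args"][3], call["args"][4]
    flags = [n for bit, n in MEM_FLAGS.items() if alloc is not None and alloc & bit]
    return {"alloc": "|".join(flags) or "?",
            "protect": PAGE_PROTECT.get(prot, "?" if prot is None else hex(prot)),
            "executable": prot is not None and bool(prot & EXEC_MASK)}


def decode_send_message(call):
    """SendMessageW(hWnd, Msg, wParam, lParam): name the tree-view messages we know."""
    msg = call["args"][1]
    return {"msg": msg, "name": TVM_NAMES.get(msg, "?" if msg is None else hex(msg))}


def triage(lines):
    """One finding per decodable call; 'executable' marks RX/RWX remote memory."""
    out = []
    for line in lines:
        call = parse_call(line)
        if call is None:
            continue
        if call["api"] == "VirtualAllocEx":
            out.append({"ref": call["ref"], "api": call["api"],
                        **decode_virtual_alloc_ex(call)})
        elif call["api"] == "SendMessageW":
            out.append({"ref": call["ref"], "api": call["api"],
                        **decode_send_message(call)})
    return out


SAMPLE_LINES = [
    # Copied from this report.
    "VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00882194,"
    "00000034,?,?,00001004,00000000,00000000), ref: 0088B37B",
    "SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008827CD",
    "SendMessageW.USER32(00000027,00001132,00000000,?), ref: 008B461F",
    "SendMessageW.USER32(?,00001105,00000000,00000000), ref: 008B4634",
    # CONSTRUCTED: MEM_COMMIT|MEM_RESERVE with PAGE_EXECUTE_READWRITE, the shape a
    # shellcode-staging allocation takes.  Not from the report.
    "VirtualAllocEx.KERNEL32(00000124,00000000,00001000,00003000,00000040), ref: 00000000",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run over the report's own lines the VirtualAllocEx decodes to MEM_COMMIT / PAGE_READWRITE with `executable` False, and the three SendMessageW calls decode to TVM_HITTEST, TVM_INSERTITEMW and TVM_GETCOUNT; only the constructed line is flagged. The protection flag, not the API name, is what separates the two cases.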
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00851769
• _free.LIBCMT ref: 00851834
• _free.LIBCMT ref: 0085183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\file.exe
• API String ID: 2506810119-3695852857
• Opcode ID: 29e363d5de06b27941286483541d58b49236fffbd4eed48ec0a8b4fb7e75b39f
• Instruction ID: fefee21b81d007d1c3a9f8b5787193eb48e5baa05f2076db7bf14d42bb0924f4
• Opcode Fuzzy Hash: 29e363d5de06b27941286483541d58b49236fffbd4eed48ec0a8b4fb7e75b39f
• Instruction Fuzzy Hash: C9314175A00218EFDF21DBAD9889EAEBBBCFB89311B144166F904D7211D6B04E48CB91
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,008BCC08,00000000,?,?,?,?), ref: 008B44AA
• GetWindowLongW.USER32 ref: 008B44C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 008B44D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: ba7880ca345cf238305407f9e7ed0cc1680e11c26a28ec1dcea8980e5390bcaf
• Instruction ID: 5cc221d2ebbbf665f0295afe85163a045879706e527ba4dd40ca024305319a70
• Opcode Fuzzy Hash: ba7880ca345cf238305407f9e7ed0cc1680e11c26a28ec1dcea8980e5390bcaf
• Instruction Fuzzy Hash: 82317C31210605AFDB208E38DC46BEA7BA9FB09334F205725F975E22E1D770AC609760
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 008B461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 008B4634
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: '$pJ
• API String ID: 3850602802-1912810753
• Opcode ID: d51a50c21c4c2eefb9538732532845842311fdfd6e507265ee13baa1d5f4ff1a
• Instruction ID: 08bbe90ebafeb51fc40c31cd851e29c069d34ecd6db28b53167a0bb0f3b41d5a
• Opcode Fuzzy Hash: d51a50c21c4c2eefb9538732532845842311fdfd6e507265ee13baa1d5f4ff1a
• Instruction Fuzzy Hash: D6313874A0061A9FDF14CFA9C981BEABBB5FF19300F10516AE904EB352D770A941CF90
APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 008A335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,008A3077,?,?), ref: 008A3378
                                                                                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 008A307A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008A309B
                                                                                                                                                                                                                                                                                                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 008A3106
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                            • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9e961d643ef4d58f468c8d882eee1d46aabd50e47c993628cf0e9855970004ba
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ce34499bf2ea28538ce19d4e499a89e61dc4cba7b14752cb919707c5c3f2e163
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e961d643ef4d58f468c8d882eee1d46aabd50e47c993628cf0e9855970004ba
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA31D5352042059FEB10CF68C485E6A77E0FF16318F248069F915CBB92DB71DE45C761
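The function above converts a wide string to a narrow one, hands it to inet_addr, and then calls htons, with the literal 255.255.255.255 referenced from the same routine. That pairing is the standard work-around for an inet_addr quirk: the function reports a malformed address by returning INADDR_NONE (0xFFFFFFFF), which is also the correct encoding of the broadcast address, so a caller has to compare the input text against "255.255.255.255" before treating that return value as an error. The block below is an added example written for this page, not code recovered from the sample and not Joe Sandbox output; it assumes the routine is an address-and-port helper that fills a sockaddr_in (a plausible reading of the call chain, not something the report confirms). The function names are mine, and wcstombs stands in for WideCharToMultiByte so the code also builds off Windows.

```c
/* Added example: a portable reconstruction of the
 * WideCharToMultiByte -> inet_addr -> htons pattern, with the
 * "255.255.255.255" check that the INADDR_NONE ambiguity requires.
 * Not the sample's code; names and structure are assumptions. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <wchar.h>

#ifdef _WIN32
#  include <winsock2.h>          /* inet_addr, htons, INADDR_NONE */
#else
#  include <arpa/inet.h>         /* POSIX equivalents for building off Windows */
#  include <netinet/in.h>
#endif

/* Narrow the wide host string.  The sample uses WideCharToMultiByte here;
 * wcstombs is a stand-in (assumption: the address text is plain ASCII).
 * Returns 1 on success, 0 on conversion failure or overflow. */
static int wide_to_narrow(const wchar_t *src, char *dst, size_t cap)
{
    size_t n = wcstombs(dst, src, cap - 1);
    if (n == (size_t)-1 || n >= cap - 1)
        return 0;
    dst[n] = '\0';
    return 1;
}

/* Parse an IPv4 literal.  inet_addr() returns INADDR_NONE (0xFFFFFFFF) for
 * bad input, but that is also the valid encoding of 255.255.255.255, so the
 * text is compared explicitly before the return value is treated as an
 * error.  On success *out holds the address in network byte order. */
int parse_ipv4_wide(const wchar_t *host, uint32_t *out)
{
    char narrow[64];
    if (!wide_to_narrow(host, narrow, sizeof narrow))
        return 0;

    uint32_t addr = (uint32_t)inet_addr(narrow);
    if (addr == INADDR_NONE && strcmp(narrow, "255.255.255.255") != 0)
        return 0;   /* genuine parse failure, not the broadcast address */

    *out = addr;
    return 1;
}

/* Host-order view of the parsed address, or -1 if it was rejected.
 * Lets the result be checked without touching struct layout. */
long long ipv4_host_order(const wchar_t *host)
{
    uint32_t addr;
    if (!parse_ipv4_wide(host, &addr))
        return -1;
    return (long long)ntohl(addr);
}

/* Fill a sockaddr_in as the observed call chain implies: inet_addr already
 * yields network order, so only the port goes through htons().
 * Returns 1 on success, 0 on a bad address. */
int make_ipv4_sockaddr(const wchar_t *host, unsigned short port,
                       struct sockaddr_in *sa)
{
    uint32_t addr;
    if (!parse_ipv4_wide(host, &addr))
        return 0;
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_addr.s_addr = addr;
    sa->sin_port = htons(port);
    return 1;
}

/* Port stored in the built sockaddr, back in host order, or -1 on failure. */
int resolved_port(const wchar_t *host, unsigned short port)
{
    struct sockaddr_in sa;
    if (!make_ipv4_sockaddr(host, port, &sa))
        return -1;
    return (int)ntohs(sa.sin_port);
}

int main(void)
{
    /* Constructed inputs: a normal address, the broadcast address that
     * collides with INADDR_NONE, and a malformed one. */
    const wchar_t *inputs[] = { L"127.0.0.1", L"255.255.255.255", L"300.1.1.1" };
    for (size_t i = 0; i < 3; i++) {
        long long v = ipv4_host_order(inputs[i]);
        if (v < 0)
            printf("%ls -> rejected\n", inputs[i]);
        else
            printf("%ls -> 0x%08llX\n", inputs[i], v);
    }
    return 0;
}
```

Without the string comparison, a caller that wanted the broadcast address would be told the input was invalid, while code that skips the INADDR_NONE check altogether silently connects to 255.255.255.255 on any typo. Either way, the literal shows up in the binary next to inet_addr, which is what the similarity record above captures.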
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 008B3F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 008B3F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 008B3F78
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
• Opcode ID: fe949d7b224c94a2425527e833b4c75afc08f4f17aad50f27d45c797064241a0
• Instruction ID: 231ae785b624e776746b2b90d5107c1d3806d3bd4734e429e6ab2f0ec7d645dd
• Opcode Fuzzy Hash: fe949d7b224c94a2425527e833b4c75afc08f4f17aad50f27d45c797064241a0
• Instruction Fuzzy Hash: 0F21BC32610219BBDF218F94DC46FEA3B79FB48714F110214FA15AB2D0DAB1A850CBA0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: 19fdfe0b2b3bdcd8b490a9117c145b71f20d5fb32fa066688bdb42f3c903c119
• Instruction ID: 4d6d32ae97b2f33d155eddf36c73b09ccc9b83452c6f09111c876344f106966e
• Opcode Fuzzy Hash: 19fdfe0b2b3bdcd8b490a9117c145b71f20d5fb32fa066688bdb42f3c903c119
• Instruction Fuzzy Hash: 9D210872204525A6D331FA299C02FBB7398FFA1314F184426F98AD7142FB55AD41C3D6
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 008B3840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 008B3850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 008B3876
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 809aee167c13ec829ac24e4475a0f878bc26d14c4bca9fcc8f99c5683435e168
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 65fb2f60acfb634c3845cbb02970194d83a451165f47ebb80085023cf6bbeee2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 809aee167c13ec829ac24e4475a0f878bc26d14c4bca9fcc8f99c5683435e168
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA218E72610218BBEF218F65DC85EFB376EFF89754F118124F9149B290CA71DC5287A0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00894A08
                                                                                                                                                                                                                                                                                                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00894A5C
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,008BCC08), ref: 00894AD0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                            • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 27a2bd5f7235354bda5fcf49e570d3f834f32b869e0f9f4d7df9ebaf5c5707b6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: add53ead10c23e86a62bba4ef2b7fdd734e3f57d9fddd09e803bbc8252bc488c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27a2bd5f7235354bda5fcf49e570d3f834f32b869e0f9f4d7df9ebaf5c5707b6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7314F71A00119AFDB10DF58C885EAA7BF8FF44308F1440A5F505EB252D771ED46CB61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 008B424F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 008B4264
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 008B4271
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 83b5ad6f484ef93b7ef1da41fea95d560f311a945cbf8664b9de0d8b5d92276e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 66a234cac0111ecd3781cbb175ede4ae33041ad85c9263195741122d2eacf367
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83b5ad6f484ef93b7ef1da41fea95d560f311a945cbf8664b9de0d8b5d92276e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE11E331240248BEEF205E29CC06FEB3BACFF95B54F110124FA55E2191D271DC519B50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00826B57: _wcslen.LIBCMT ref: 00826B6A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00882DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00882DC5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00882DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00882DD6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00882DA7: GetCurrentThreadId.KERNEL32 ref: 00882DDD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00882DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00882DE4
                                                                                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00882F78
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00882DEE: GetParent.USER32(00000000), ref: 00882DF9
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00882FC3
                                                                                                                                                                                                                                                                                                                                                            • EnumChildWindows.USER32(?,0088303B), ref: 00882FEB
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 71ef9bb42f3881abf8525d39eb94674f11e97bcc5d419cfcfd7c41fdea7f35b2
• Instruction ID: d256d60ecd7f94594a991b791ece58c5b944e98d3dd8cdde36c915c698f4cda1
• Opcode Fuzzy Hash: 71ef9bb42f3881abf8525d39eb94674f11e97bcc5d419cfcfd7c41fdea7f35b2
• Instruction Fuzzy Hash: B711E1716002096BCF107F789C85EEE3B6AFF94314F044079F909EB292EE3099498B71

APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008B58C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008B58EE
• DrawMenuBar.USER32(?), ref: 008B58FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 443488eecbaaff55c2343d9b7860aec4d6269a51749ba3ac7aeb2fb42106a112
• Instruction ID: d0c607240c316fc33d11d3fdb94c2066d99eb69f1250cb732d6d3aeef08256eb
• Opcode Fuzzy Hash: 443488eecbaaff55c2343d9b7860aec4d6269a51749ba3ac7aeb2fb42106a112
• Instruction Fuzzy Hash: 62016D31500218EFDB219F15EC44BEEBBB4FF45364F1480AAF949DA261DB308A84DF61

APIs
• GetForegroundWindow.USER32(?,008F18B0,008BA364,000000FC,?,00000000,00000000,?,?,?,008776CF,?,?,?,?,?), ref: 008B7805
• GetFocus.USER32 ref: 008B780D
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
  • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
• SendMessageW.USER32(?,000000B0,000001BC,000001C0), ref: 008B787A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$Long$FocusForegroundMessageSend
• String ID: pJ
• API String ID: 3601265619-3211412816
• Opcode ID: 524d0a0c1d74b2a7fce1bccd8d6f02d3f836ad2a16b3e19039820b0f81314b66
• Instruction ID: 887e319116c912c93bca101fcaf0d342f4074a2b4b0b9d82da67265290dfb688
• Opcode Fuzzy Hash: 524d0a0c1d74b2a7fce1bccd8d6f02d3f836ad2a16b3e19039820b0f81314b66
• Instruction Fuzzy Hash: BB0108316052108BD725DB28D858AB677E6FBCA320F180269E555C73A1DB716806CB94

Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9085167329cddac9def75ec416aae69377ac367d5adfe28254af1560d4f7f4fc
• Instruction ID: 97beef80d0d67a8697d3df95a2c9dbb87790bdb322295f81596c1ba7affa3187
• Opcode Fuzzy Hash: 9085167329cddac9def75ec416aae69377ac367d5adfe28254af1560d4f7f4fc
• Instruction Fuzzy Hash: 62C17B75A0020AEFDB54DFA8C898AAEB7B5FF48314F208598E505EB251C771EE45CF90

APIs
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 63a63611879a16d14e5bebd5b67a5cdd269d55f8c1d5826fcaf0c884007a538e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9A16872D00B869FDB11CF18C8817AEBBE4FF61399F28416DE985DB282C6348989C751
APIs
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: ef4645c02a88cc4143b27be77986e35f7282d4f48c3cb5cb8f9bc3bf89c349ac
• Instruction ID: f26c6da685fd9965d3a8c9739618e6e5dd4b9df45afdd861dc0e743d8a0d4135
• Opcode Fuzzy Hash: ef4645c02a88cc4143b27be77986e35f7282d4f48c3cb5cb8f9bc3bf89c349ac
• Instruction Fuzzy Hash: 78A16A756043109FDB00DF28C585A2AB7E5FF89714F048859F98AEB762DB70EE41CB92
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,008BFC08,?), ref: 008805F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,008BFC08,?), ref: 00880608
• CLSIDFromProgID.OLE32(?,?,00000000,008BCC40,000000FF,?,00000000,00000800,00000000,?,008BFC08,?), ref: 0088062D
• _memcmp.LIBVCRUNTIME ref: 0088064E
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: 43b8ac51efbd5c4e0560e77aafaba2938217317e5088bc1fd53988154cea1261
• Instruction ID: 0a24f7332a2419ff640b54d584e3e12f3edf44d0139e4acd909441dc65790732
• Opcode Fuzzy Hash: 43b8ac51efbd5c4e0560e77aafaba2938217317e5088bc1fd53988154cea1261
• Instruction Fuzzy Hash: F881E971A00209AFCB44DF94C984DEEB7B9FF89315F204558E516EB250DB71AE4ACF60
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 008AA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 008AA6BA
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• Process32NextW.KERNEL32(00000000,?), ref: 008AA79C
• CloseHandle.KERNEL32(00000000), ref: 008AA7AB
  • Part of subcall function 0083CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00863303,?), ref: 0083CE8A
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: d971a13192b2ca238bcfa38ea5bb2faf96c32b17ac4e47a22f9d1557e08ed230
• Instruction ID: d79fa7cd5c941dcbab52c318f560f6e73503adb2bd5cb322a844685075306060
• Opcode Fuzzy Hash: d971a13192b2ca238bcfa38ea5bb2faf96c32b17ac4e47a22f9d1557e08ed230
• Instruction Fuzzy Hash: A0513871508310AFD714EF28D886A6BBBE8FF89754F00492DF585D7252EB30D944CB92
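The two records above carry API chains worth recognising on sight. The function whose calls sit at 008AA6AC to 008AA7AB walks the process list with CreateToolhelp32Snapshot, Process32FirstW, Process32NextW and CloseHandle and compares process names through a CompareStringW subcall; that is the kind of chain the Signatures section summarises as an API chain indicative of sandbox detection, and it is also how a credential flusher finds the browser processes it kills. The function at 008805F0 to 0088064E round-trips a ProgID through ProgIDFromCLSID and CLSIDFromProgID, consistent with a scripting runtime resolving a COM object by name. The script below is an added example by the editor, not part of the Joe Sandbox report: it parses the report's "APIs" bullet format into structured calls (the two sample listings are copied from the records above) and checks the direct calls, in address order, against two ordered-chain signatures. The regex, the signature table and its names are the editor's assumptions, not Joe Sandbox's own signature definitions.

```python
"""Parse Joe Sandbox "APIs" entries and match them against ordered API-chain signatures.

Added example by the editor; not part of the Joe Sandbox report. The regex and the
signature table are assumptions, not Joe Sandbox's own behaviour-signature definitions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One "APIs" bullet as printed in the report, for example:
#   "• Process32FirstW.KERNEL32(00000000,?), ref: 008AA6BA"
#   "• _memcmp.LIBVCRUNTIME ref: 0088064E"
#   "  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD"
API_LINE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple                # raw argument tokens; "?" means the value was not resolved
    ref: int                   # address of the call instruction
    subcall_of: Optional[int]  # callee function address when reached via a subcall, else None


def parse_api_lines(text: str) -> list:
    """Return the ApiCall entries in a block of report lines; lines that are not API bullets are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(ApiCall(
            name=m["name"],
            module=m["module"].upper(),
            args=args,
            ref=int(m["ref"], 16),
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return calls


# Ordered chains: each step is the set of API names accepted at that step (A/W variants are equivalent).
SIGNATURES = {
    # Toolhelp32 process walk, the chain behind process-list based sandbox/AV checks.
    "toolhelp32_process_enum": (
        frozenset({"CreateToolhelp32Snapshot"}),
        frozenset({"Process32First", "Process32FirstW"}),
        frozenset({"Process32Next", "Process32NextW"}),
        frozenset({"CloseHandle"}),
    ),
    # ProgID -> CLSID round trip, typical of a scripting runtime resolving a COM object name.
    "com_progid_roundtrip": (
        frozenset({"ProgIDFromCLSID"}),
        frozenset({"CLSIDFromProgID"}),
    ),
}


def _ordered_subsequence(names, pattern) -> bool:
    """True if every step of pattern is matched, in order, by some later name (gaps allowed)."""
    it = iter(names)
    return all(any(n in step for n in it) for step in pattern)


def match_signatures(calls) -> list:
    """Names of signatures whose chain appears among the function's direct calls, in address order."""
    direct = sorted((c for c in calls if c.subcall_of is None), key=lambda c: c.ref)
    names = [c.name for c in direct]
    return [sig for sig, pattern in SIGNATURES.items() if _ordered_subsequence(names, pattern)]


# Sample input copied from the two "APIs" listings in this report section.
PROCESS_WALK = """\
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 008AA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 008AA6BA
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• Process32NextW.KERNEL32(00000000,?), ref: 008AA79C
• CloseHandle.KERNEL32(00000000), ref: 008AA7AB
  • Part of subcall function 0083CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00863303,?), ref: 0083CE8A
"""

COM_LOOKUP = """\
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,008BFC08,?), ref: 008805F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,008BFC08,?), ref: 00880608
• CLSIDFromProgID.OLE32(?,?,00000000,008BCC40,000000FF,?,00000000,00000800,00000000,?,008BFC08,?), ref: 0088062D
• _memcmp.LIBVCRUNTIME ref: 0088064E
"""

if __name__ == "__main__":
    for label, block in (("process walk", PROCESS_WALK), ("COM lookup", COM_LOOKUP)):
        calls = parse_api_lines(block)
        print(label, [c.name for c in calls], match_signatures(calls))
```

Subcall entries are parsed but left out of chain matching because their ref addresses belong to the callee, not to the function being listed; keeping them as separate ApiCall records still lets a reviewer see, for example, that the process walk compares names with CompareStringW. Further ordered chains from the Signatures section (IsDebuggerPresent paired with timing calls, for instance) can be added to SIGNATURES to triage the remaining records in this listing the same way.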
APIs
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 008A1AFD
• WSAGetLastError.WSOCK32 ref: 008A1B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 008A1B8A
• WSAGetLastError.WSOCK32 ref: 008A1B94
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00895783
• GetLastError.KERNEL32(?,00000000), ref: 008957A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008957CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008957FA
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00846D71,00000000,00000000,008482D9,?,008482D9,?,00000001,00846D71,8BE85006,00000001,008482D9,008482D9), ref: 0085D910
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0085D999
                                                                                                                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0085D9AB
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0085D9B4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00853820: RtlAllocateHeap.NTDLL(00000000,?,008F1444,?,0083FDF5,?,?,0082A976,00000010,008F1440,008213FC,?,008213C6,?,00821129), ref: 00853852
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7df73daeec36bc5a9d7659ad8a6fd9a38b5d44cbdf75567d2249e79387570d77
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2b5fe8af29625cea84a48777520537c99dc8c913a5a8532a7cc63428d7c28600
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7df73daeec36bc5a9d7659ad8a6fd9a38b5d44cbdf75567d2249e79387570d77
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A31B072A0020AABDF24DF69DC45EAE7FA5FB41311B054268FC04EB251EB35CD59CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 0088ABF1
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0088AC0D
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0088AC74
                                                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 0088ACC6
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f15e64a07d736e7e4dc65a548028dfb294c5ef3a32e493dac38c5829b4ec079d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ee4283295170c4ace7978267ea78aad2518f7cf72f291125d941fa5f74e83b54
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f15e64a07d736e7e4dc65a548028dfb294c5ef3a32e493dac38c5829b4ec079d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8731F470A40618AFFB39AB69C804BFA7BA7FB89310F08431BE485E21D1C37599858752
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 008B16EB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00883A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00883A57
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00883A3D: GetCurrentThreadId.KERNEL32 ref: 00883A5E
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00883A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008825B3), ref: 00883A65
                                                                                                                                                                                                                                                                                                                                                            • GetCaretPos.USER32(?), ref: 008B16FF
                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(00000000,?), ref: 008B174C
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 008B1752
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 73ff15e8bd002f8c760c4106c77059e260bd641c5f30dc87514c3ffb5385b50e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3e0bea035d906cbf4e32e67c3160e62859b550625f9d459b113342bafd094e56
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 73ff15e8bd002f8c760c4106c77059e260bd641c5f30dc87514c3ffb5385b50e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D7316F71D00159AFCB00EFA9D885CEEBBF9FF48304B5080A9E415E7211EB319E45CBA1
APIs
  • Part of subcall function 00827620: _wcslen.LIBCMT ref: 00827625
• _wcslen.LIBCMT ref: 0088DFCB
• _wcslen.LIBCMT ref: 0088DFE2
• _wcslen.LIBCMT ref: 0088E00D
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0088E018
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
• Opcode ID: 53cc530871d11cd7a9b72a97828a07f12472cbf459a9e1f1d8e9c7a4390e718a
• Instruction ID: 855a7b04a5d7381115fee436a4faf0147305fc0ddfb3cc0c42d7e1dc64cf9b86
• Opcode Fuzzy Hash: 53cc530871d11cd7a9b72a97828a07f12472cbf459a9e1f1d8e9c7a4390e718a
• Instruction Fuzzy Hash: F821D371900618AFCB10EFA8D881B6EBBF8FF45750F104065E904FB286DA709E41CBE2
APIs
• GetFileAttributesW.KERNEL32(?,008BCB68), ref: 0088D2FB
• GetLastError.KERNEL32 ref: 0088D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0088D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,008BCB68), ref: 0088D376
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: ed0ed07d8a77829bd2820639c70a4236ffe9e8892e76323bdd57f64c1ffb6002
• Instruction ID: 04cf3059233d0695b966763cf5b6de8f0a0c1f5d846418a7bc33fbd9c0e9eae7
• Opcode Fuzzy Hash: ed0ed07d8a77829bd2820639c70a4236ffe9e8892e76323bdd57f64c1ffb6002
• Instruction Fuzzy Hash: 94215C705093019F8710EF28D8818AEB7E4FE5A364F504A2DF4A9C73E1E7319946CB93
APIs
  • Part of subcall function 00881014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0088102A
  • Part of subcall function 00881014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00881036
  • Part of subcall function 00881014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00881045
  • Part of subcall function 00881014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0088104C
  • Part of subcall function 00881014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00881062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008815BE
• _memcmp.LIBVCRUNTIME ref: 008815E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00881617
• HeapFree.KERNEL32(00000000), ref: 0088161E
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: a76a77a00e4946088e7e3d9f981742f0e2778bf5e7a7799535bf1177b54a586f
• Instruction ID: 8683abfe7c29d669094ce87dc538a2c24780d2667ebc96d62fb76e307f553cbb
• Opcode Fuzzy Hash: a76a77a00e4946088e7e3d9f981742f0e2778bf5e7a7799535bf1177b54a586f
• Instruction Fuzzy Hash: 1F212771E40109AFDF10EFA4C949BEEB7B8FF54354F184459E441EB241EB30AA46CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 008B280A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 008B2824
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 008B2832
                                                                                                                                                                                                                                                                                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 008B2840
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: 75f81b996fd0ea113212226f8ad5412bebe67793102b13dcc551602ed02d1637
• Instruction ID: b7f371e5106fc49609008362dac242447d7a42a056a2002ca0c31d168ac7f3a4
• Opcode Fuzzy Hash: 75f81b996fd0ea113212226f8ad5412bebe67793102b13dcc551602ed02d1637
• Instruction Fuzzy Hash: 02219D31205525AFD7249B28C845FAA7B99FF85324F148258F426CB7E2CB71FC82CB95
APIs
  • Part of subcall function 00888D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0088790A,?,000000FF,?,00888754,00000000,?,0000001C,?,?), ref: 00888D8C
  • Part of subcall function 00888D7D: lstrcpyW.KERNEL32(00000000,?,?,0088790A,?,000000FF,?,00888754,00000000,?,0000001C,?,?,00000000), ref: 00888DB2
  • Part of subcall function 00888D7D: lstrcmpiW.KERNEL32(00000000,?,0088790A,?,000000FF,?,00888754,00000000,?,0000001C,?,?), ref: 00888DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00888754,00000000,?,0000001C,?,?,00000000), ref: 00887923
• lstrcpyW.KERNEL32(00000000,?,?,00888754,00000000,?,0000001C,?,?,00000000), ref: 00887949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00888754,00000000,?,0000001C,?,?,00000000), ref: 00887984
Strings
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 12628ccfb4793721e4f6353f1d295c8c4bf9e42027ce5632e0927a40041d6cdf
• Instruction ID: 6f916404bb4b55d4f46d60b5839c0aca88bccadf907875bedf495534fe6a1b3b
• Opcode Fuzzy Hash: 12628ccfb4793721e4f6353f1d295c8c4bf9e42027ce5632e0927a40041d6cdf
• Instruction Fuzzy Hash: 4C11D63A200242ABCB15AF39DC45D7A7BB9FF85390B50402AF946CB365EF35D811C791
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 008B7D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 008B7D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 008B7D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0089B7AD,00000000), ref: 008B7D6B
  • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: 0d62e2eb6550314341803c30b8961074c3e23cfd221772c87c8eda7d9dc110c5
• Instruction ID: 1731765e1dab2754a1dcdb9eff1e835c18cc8c54edee9b99095129e9ebb0c667
• Opcode Fuzzy Hash: 0d62e2eb6550314341803c30b8961074c3e23cfd221772c87c8eda7d9dc110c5
• Instruction Fuzzy Hash: 0B115E31615615AFCB109F68CC08EB63BA5FF853A0B254728F939D72F0D7319951DB90
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 008B56BB
• _wcslen.LIBCMT ref: 008B56CD
• _wcslen.LIBCMT ref: 008B56D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 008B5816
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 455545452-0
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00881A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00881A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00881A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00881A8A
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 0088E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 0088E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0088E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0088E24D
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
APIs
• CreateThread.KERNEL32(00000000,?,0084CFF9,00000000,00000004,00000000), ref: 0084D218
• GetLastError.KERNEL32 ref: 0084D224
• __dosmaperr.LIBCMT ref: 0084D22B
• ResumeThread.KERNEL32(00000000), ref: 0084D249
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bc015fb32e98a0440f7f7ab1e0298b520d865946beb842908bedcf3509878cb1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9ad3e2bcb0151905e8fe88898823c0817ac4089081abaec9b3304ea40cbfd1c0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc015fb32e98a0440f7f7ab1e0298b520d865946beb842908bedcf3509878cb1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D01C03680532CBBCB115BA9DC09AAA7BA9FF81331F104229F925D21D1CBB0990186A1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 008B9F31
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 008B9F3B
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 008B9F46
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 008B9F7A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d9cbbdaa372bef1d629e5797d7a2fe6eaec2584df3520fd321af5fa4d612fe28
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 75b3dbf1b189515e24738d77c5c6ef6e92d37e476002a2866b083bafc8b6d370
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9cbbdaa372bef1d629e5797d7a2fe6eaec2584df3520fd321af5fa4d612fe28
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F711063290011AABDB10DFA8D889DFE77B9FB46321F400555FA51E3251DB70BA85CBA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0082604C
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00826060
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0082606A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 26d39531759b77d9d333f1bee6eec00df3e5518e5f18e59206786369ea384e3a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 044f76c538e66f8eaba2bfefdc8af2fe6dc387fa5ded41b29b9084f5e7d20536
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 26d39531759b77d9d333f1bee6eec00df3e5518e5f18e59206786369ea384e3a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E116172501958FFEF124FA49C44EEA7BA9FF19364F040215FA14A6110D732DCA0EBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00843B56
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00843AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00843AD2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00843AA3: ___AdjustPointer.LIBCMT ref: 00843AED
                                                                                                                                                                                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00843B6B
                                                                                                                                                                                                                                                                                                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00843B7C
                                                                                                                                                                                                                                                                                                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00843BA4
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: 860cd67bcc5fc6585e1d4e2c4904b6b6bce57210da7ee3a1e43f6df3d89cc469
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: B001E93210014DBBDF12AE99CC46EEB7B69FF58764F044115FE48A6121C732E961DBA1

APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008213C6,00000000,00000000,?,0085301A,008213C6,00000000,00000000,00000000,?,0085328B,00000006,FlsSetValue), ref: 008530A5
• GetLastError.KERNEL32(?,0085301A,008213C6,00000000,00000000,00000000,?,0085328B,00000006,FlsSetValue,008C2290,FlsSetValue,00000000,00000364,?,00852E46), ref: 008530B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0085301A,008213C6,00000000,00000000,00000000,?,0085328B,00000006,FlsSetValue,008C2290,FlsSetValue,00000000), ref: 008530BF
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 7b20dc23ba3f385e532265bc2c970157633bbcb11ea9f436dec75cdcdd90adea
• Instruction ID: 1322da0947390009349a36dd96e96f18841a668422d916e13e1a53011e3d84f2
• Opcode Fuzzy Hash: 7b20dc23ba3f385e532265bc2c970157633bbcb11ea9f436dec75cdcdd90adea
• Instruction Fuzzy Hash: 74018432751B26ABCB214A799C849677B99FF45BE2B210724FD05E71C0D721D909C6E0

APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0088747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00887497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008874AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008874CA
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: 9e7bf33b500f9dc702a81be73425cfdae2fb16926efa0438f37d90f1f3ab969f
• Instruction ID: b7327ca3633220f036a05555d1f1da4b26d269041434b7ec46660e07fcc3dff2
• Opcode Fuzzy Hash: 9e7bf33b500f9dc702a81be73425cfdae2fb16926efa0438f37d90f1f3ab969f
• Instruction Fuzzy Hash: 9411ADB1209315ABE720AF54DC08B927FFCFF00B14F208569E656D6191D7B0E944DBA4

APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0088ACD3,?,00008000), ref: 0088B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0088ACD3,?,00008000), ref: 0088B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0088ACD3,?,00008000), ref: 0088B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0088ACD3,?,00008000), ref: 0088B126
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 051665dcca04c66cee9c1c5ce72e3ffd3111768e82dfbd6c4f32b35773cb8cb4
• Instruction ID: 609aff478b10aba4bec14e7e1390e32739eca56db7753879d6f9f031639ffda3
• Opcode Fuzzy Hash: 051665dcca04c66cee9c1c5ce72e3ffd3111768e82dfbd6c4f32b35773cb8cb4
• Instruction Fuzzy Hash: 7F113931C0192DE7CF00EFE8E9986EEBF78FF89711F104186D981B6281DB3056508B51

APIs
• GetWindowRect.USER32(?,?), ref: 008B7E33
• ScreenToClient.USER32(?,?), ref: 008B7E4B
• ScreenToClient.USER32(?,?), ref: 008B7E6F
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 008B7E8A
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: af2012305c7c2efab1343867d6d4f3bd2269f90d6e348e361d4d6f0dbb12d0b7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 41bf77724d1be5171bd26f83684333d649c91670526c7ddad43e324beb1a6632
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af2012305c7c2efab1343867d6d4f3bd2269f90d6e348e361d4d6f0dbb12d0b7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF1153B9D0020AAFDB41CF98C884AEEBBF9FF18310F509166E915E3210D735AA54CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00882DC5
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00882DD6
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00882DDD
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00882DE4
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6fd7045cda70b09ac0a0288c31e4913af639515124c8ededa2dab17973dae85d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d361ba70ac15ac93601e966b30fb5d8830e8b7c083019c1c8ce420bcef561c84
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6fd7045cda70b09ac0a0288c31e4913af639515124c8ededa2dab17973dae85d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2E0EDB25012287BD7202B669C0DEEB7F6CFB57BA1F400219B506D10919AA58941C6B0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00839693
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839639: SelectObject.GDI32(?,00000000), ref: 008396A2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839639: BeginPath.GDI32(?), ref: 008396B9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839639: SelectObject.GDI32(?,00000000), ref: 008396E2
                                                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 008B8887
                                                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,?,?), ref: 008B8894
                                                                                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 008B88A4
                                                                                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 008B88B2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7663632c4b0b43b123d9bad2bf50b5c332040f116acbae2794b2d2b489af7072
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 92efc95ddd744e6afab2e0e25ed55151570635d51c199f6074829b0d8b6e77e6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7663632c4b0b43b123d9bad2bf50b5c332040f116acbae2794b2d2b489af7072
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DEF03A36141659FBDB126F94AC0EFDA3F59BF06310F448100FA11A51E1C7B55511CFE5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000008), ref: 008398CC
                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 008398D6
                                                                                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 008398E9
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000005), ref: 008398F1
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: 40cf4a48327574a5e7272b0ec94a61dfadfbb7f5a126ff54433dc8cd3673e794
• Instruction ID: b9d149f774861eaeaf2527dd6ae772b7d7b0e89d649a3fe498e4a51d5c65e666
• Opcode Fuzzy Hash: 40cf4a48327574a5e7272b0ec94a61dfadfbb7f5a126ff54433dc8cd3673e794
• Instruction Fuzzy Hash: 02E06D31244280AADB215B78AC09BE93F20FB52336F04C319F6FAA80E1C3718640DB20
APIs
• GetCurrentThread.KERNEL32 ref: 00881634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,008811D9), ref: 0088163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008811D9), ref: 00881648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,008811D9), ref: 0088164F
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: 2977b8db703198e78700062753922ac5c5c06f9e25b41bba212767aa0d8df92c
• Instruction ID: 7ba43fa20a4ee167c5dc9162f8538170d7f2f7582e1c3f5935dea156faf6f958
• Opcode Fuzzy Hash: 2977b8db703198e78700062753922ac5c5c06f9e25b41bba212767aa0d8df92c
• Instruction Fuzzy Hash: 56E08631641211DBDB202FA19D0DB863B7CFF58791F184918F285C9080EA344442C760
APIs
• GetDesktopWindow.USER32 ref: 0087D858
• GetDC.USER32(00000000), ref: 0087D862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0087D882
• ReleaseDC.USER32(?), ref: 0087D8A3
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 9274509d0aad12867ae37c70cd8a5baae0b3a5cc5f99c7165bea72d27ca4f33e
• Instruction ID: 5f7f0978f0d4d4b2bdd2c2533df45ff02f3df16d141c0e15d43f5cf634ea82ca
• Opcode Fuzzy Hash: 9274509d0aad12867ae37c70cd8a5baae0b3a5cc5f99c7165bea72d27ca4f33e
• Instruction Fuzzy Hash: B3E01AB4C00208DFCB41AFA4D908A6DBBB1FB58310F148519E806E7250CB389941AF51
APIs
• GetDesktopWindow.USER32 ref: 0087D86C
• GetDC.USER32(00000000), ref: 0087D876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0087D882
• ReleaseDC.USER32(?), ref: 0087D8A3
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: a5d6fa7bed626dee6bbe1e5290fa5fddfab0ad1616288231c126edc1b0c5c4d9
• Instruction ID: d059abfb91f278682e2b2024eddf8d657eb4660df3a84e52821db69ceaa0c554
• Opcode Fuzzy Hash: a5d6fa7bed626dee6bbe1e5290fa5fddfab0ad1616288231c126edc1b0c5c4d9
• Instruction Fuzzy Hash: 21E046B4C00204EFCF50AFA8E80CA6DBBB1FB58310F108508F80AE7350CB385902AF90
APIs
  • Part of subcall function 00827620: _wcslen.LIBCMT ref: 00827625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00894ED4
Strings
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4cecd8765c42a754ff757c3299ad96ac3419ce60337e717bf280b7827d73d832
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ff051cf834ca83092635cbb66bcb63e3dfdd7ec33990f6433db964b005e7955b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4cecd8765c42a754ff757c3299ad96ac3419ce60337e717bf280b7827d73d832
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C915F75A002159FCB14EF58C484EAABBF1FF44318F189099E40A9F762DB35ED86CB91
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: #
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ffb453376ca34024ab0f401798603564514e1774f84cfa8bb093e2f4626deea9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3e1cc4ff526ac4d43b4cbf3c442be1c4498bd1ad56367afe2a307c27a8da34b9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffb453376ca34024ab0f401798603564514e1774f84cfa8bb093e2f4626deea9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF51233550024ADFDF19DF68C081ABA7BA8FF69310F2480A5F895DB2D4D634DD52CBA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 0083F2A2
                                                                                                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 0083F2BB
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b1dd33a6173cf0842549aa33d5e092232d98f2f24acc92857fc6a6a6c1e31eae
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 940ef99dfdc94f00697064833349ce4dcc5ebdbcbcb4a119ff294c63f1d779fd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1dd33a6173cf0842549aa33d5e092232d98f2f24acc92857fc6a6a6c1e31eae
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57513871418B449BD320AF55E886BAFBBF8FF84300F81885DF19981195EF708969CB67
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008A57E0
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 008A57EC
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c997fd11e662cecb555f352ccdafb498b57fddccea8d737d6814dbd4530efd03
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e7e16f196a98526605538c4c34014f0a2a75b261540fe56a7ceb572a7e86cc5c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c997fd11e662cecb555f352ccdafb498b57fddccea8d737d6814dbd4530efd03
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C419031E002099FDB14DFA9C8819BEBBB5FF5A724F144069E505E7352EB349D81CBA1
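The function records above (APIs, Strings, Memory Dump Source, Similarity) are what an analyst triages when a report flags "API chain indicative of sandbox detection". As an added example (not part of this Joe Sandbox report and not Joe Sandbox code), the parser below turns such records into structured objects and flags functions whose API set contains a chain worth a manual look. The `SAMPLE` text is constructed from the records above with the long hashes trimmed; the `SUSPICIOUS_CHAINS` table is an analyst heuristic of my own (the Sleep plus GlobalMemoryStatusEx pairing is the classic delay-then-RAM-size check), not a rule taken from Joe Sandbox.

```python
"""Parse Joe Sandbox per-function records (APIs / Strings / Memory Dump Source /
Similarity) and flag API chains. Added example, not Joe Sandbox code."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the records above (hashes trimmed).
SAMPLE = """\
APIs
• Sleep.KERNEL32(00000000), ref: 0083F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0083F2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Instruction Fuzzy Hash: 57513871418B449BD320AF55E886BAFBBF8FF84300F81885DF19981195EF708969CB67
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008A57E0
• _wcslen.LIBCMT ref: 008A57EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
"""

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR" (LIBCMT entries carry no arguments)
API_RE = re.compile(r"^•\s+(\w+)\.(\w+)(?:\(([^)]*)\))?,?\s+ref:\s+([0-9A-Fa-f]+)$")
KV_RE = re.compile(r"^•\s+([^:]+):\s*(.*)$")

# Analyst heuristic (assumption, not a Joe Sandbox rule): APIs whose co-occurrence in one
# function deserves a manual look. Sleep followed by a physical-memory query is the usual
# "wait out the sandbox, then refuse to run on a small VM" pattern.
SUSPICIOUS_CHAINS = {
    frozenset({"Sleep", "GlobalMemoryStatusEx"}): "timing delay plus physical-memory query (sandbox sizing check)",
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: str | None   # None when the record shows no argument list
    ref: int           # call-site address as an int


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)   # "API ID", "String ID", hashes, ...
    sections: set[str] = field(default_factory=set)

    @property
    def api_names(self) -> frozenset[str]:
        return frozenset(a.name for a in self.apis)


def parse_records(text: str) -> list[FunctionRecord]:
    """Split the listing into records. A record starts at "APIs", or at "Strings"
    when the previous record already had its Strings section (i.e. it had no APIs)."""
    records: list[FunctionRecord] = []
    current: FunctionRecord | None = None
    section: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            starts_new = line == "APIs" or (line == "Strings" and (current is None or "Strings" in current.sections))
            if starts_new or current is None:
                current = FunctionRecord()
                records.append(current)
            current.sections.add(line)
            section = line
            continue
        if current is None:
            continue  # stray text before the first record
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                name, module, args, ref = m.groups()
                current.apis.append(ApiCall(name, module, args, int(ref, 16)))
        else:
            m = KV_RE.match(line)
            if m:
                current.fields[m.group(1).strip()] = m.group(2).strip()
    return records


def flag_api_chains(records: list[FunctionRecord], chains=SUSPICIOUS_CHAINS) -> list[tuple[str, str, list[str]]]:
    """Return (API ID, reason, call-site addresses) for each record whose API set covers a chain."""
    hits = []
    for rec in records:
        for chain, why in chains.items():
            if chain <= rec.api_names:
                refs = [f"{a.ref:08X}" for a in rec.apis if a.name in chain]
                hits.append((rec.fields.get("API ID", ""), why, refs))
    return hits


if __name__ == "__main__":
    for api_id, why, refs in flag_api_chains(parse_records(SAMPLE)):
        print(f"{api_id}: {why} at {', '.join(refs)}")
```

The parser keys on the report's own section headers, so it also copes with records that carry no APIs section (the `#` record above) and with LIBCMT entries that show no argument list. Extend `SUSPICIOUS_CHAINS` with whatever pairings your own triage has found reliable; the hit list gives you the call-site addresses to jump to in the snapshot.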
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0089D130
                                                                                                                                                                                                                                                                                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0089D13A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e4b7934a8a59ac8be74c978c60e607f8fdfbaca67285d8339a9730691b0e31ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 225912ede53b100d9c2eb66e6c4afa991fc92aaaf28f0b336c1e1891b065367b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4b7934a8a59ac8be74c978c60e607f8fdfbaca67285d8339a9730691b0e31ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E313875D01219ABCF15EFA8DC85AEEBFB9FF04300F140019F815A6162EB31AA56CB65
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 008B3621
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 008B365C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1c123c00fbc0327a871f1f124a19efc62fb6348cf05a9a9febbf6f9d0c6f7fc2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 222d63a2c02b08de2e1340759d309061d7db65e50889f5a86b3dac59c0cdc6dd
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c123c00fbc0327a871f1f124a19efc62fb6348cf05a9a9febbf6f9d0c6f7fc2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC319A71110608AEDB24DF38DC80EFB73A9FF99724F008619F8A5D7290DA30AD91DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 008773A3
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000133,?,?,?,?), ref: 0087742D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$ParentProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: pJ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2181805148-3211412816
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1af0b13da35a575d70b4d544ebdd13234bfec09f9a6b109b11f32a236442d3de
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2a43d0d27710f0daa110ed69811fd9d677211d2bd8bc5871ace4e99fb8cfda62
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1af0b13da35a575d70b4d544ebdd13234bfec09f9a6b109b11f32a236442d3de
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F21AD34600104AFCB259F28CC49DB93BA5FF8A374F048265F9A98B2F5D3B19D51EA90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 008B327C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008B3287
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: da317c9af60543a63dca742ce45b07b67eac989fc55bdc87ebb9c3cfcde88881
• Instruction ID: 2739738d3338af87d9e7cfd10cf9f50c47458bc2c090c6b68c36854586868bd2
• Opcode Fuzzy Hash: da317c9af60543a63dca742ce45b07b67eac989fc55bdc87ebb9c3cfcde88881
• Instruction Fuzzy Hash: 2B11B271300208BFEF219E98DC85EFB376AFB993A5F104228F918E7390D6719D518760
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CreateMenuPopup
• String ID: pJ
• API String ID: 3826294624-3211412816
• Opcode ID: 0ed86d2a9c04c51e68abef95db09709bdb99b18b3f52f5e2ff83de5adb7d31b1
• Instruction ID: c600cc392f5975dd4695778f56d46465256020a76dc8b1e1e9b387c95c1c3616
• Opcode Fuzzy Hash: 0ed86d2a9c04c51e68abef95db09709bdb99b18b3f52f5e2ff83de5adb7d31b1
• Instruction Fuzzy Hash: 46216D34608214EFCB20CF29C545BD6BBE5FB0A365F08805AE8A9CB351D731AE02CF55
APIs
  • Part of subcall function 0082600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0082604C
  • Part of subcall function 0082600E: GetStockObject.GDI32(00000011), ref: 00826060
  • Part of subcall function 0082600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0082606A
• GetWindowRect.USER32(00000000,?), ref: 008B377A
• GetSysColor.USER32(00000012), ref: 008B3794
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 9df6982538b6602eca067a24adee983519a1c117bbee84a143fbbdb211e7200f
• Instruction ID: 9e06698028e1a1aeb7df9e767eab391d8321a7b756aefba69b7ce92122bc4edc
• Opcode Fuzzy Hash: 9df6982538b6602eca067a24adee983519a1c117bbee84a143fbbdb211e7200f
• Instruction Fuzzy Hash: BB1129B2610209AFDF00DFA8CC45EFA7BB8FB08354F004624F955E2250EB35E851DB60
APIs
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 008B61FC
• SendMessageW.USER32(?,00000194,00000000,00000000), ref: 008B6225
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: pJ
• API String ID: 3850602802-3211412816
• Opcode ID: 1d402151a8abd1ff89fdd8da61336ba12f7045a983357c922c2b3e04c0140b67
• Instruction ID: 2eac63f797c40905656f2a8ff39e5e38359c937b4f3b71e8cb36d67b2cf5594d
• Opcode Fuzzy Hash: 1d402151a8abd1ff89fdd8da61336ba12f7045a983357c922c2b3e04c0140b67
• Instruction Fuzzy Hash: BE115132140118BEFF158F68DD19FF93BA5FB09714F004115FA16DA2D1E6B9DA60DA50
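The "APIs" field of each function entry in this listing records a Win32 call, its module, the argument values the analyzer could resolve (`?` where it could not) and the address of the call site. Most of the calls in this part of the listing are GUI plumbing (control creation, fonts, list-box messages), while the WinINet pair in the entry below is the one that establishes a network capability: `InternetOpenW` followed by `InternetSetOptionW` with option `0x32` and an 8-byte buffer, which matches `INTERNET_OPTION_CONNECTED_STATE` (50) with an `INTERNET_CONNECTED_INFO` structure. The parser below is an added example written for this page; it is not Joe Sandbox's code and not part of the sample. It extracts the API lines copied from this report's entries, decodes the raw argument constants using values taken from the public Windows SDK headers, and sorts out the calls that touch networking modules. The `NETWORK_MODULES` set is an assumed triage heuristic, not anything the report defines.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# API lines copied verbatim from the "APIs" fields of the function entries
# in this report (the subcall lines belong to the CreateWindowExW entry).
REPORT_API_LINES = """
• Part of subcall function 0082600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0082604C
• Part of subcall function 0082600E: GetStockObject.GDI32(00000011), ref: 00826060
• Part of subcall function 0082600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0082606A
• GetWindowRect.USER32(00000000,?), ref: 008B377A
• GetSysColor.USER32(00000012), ref: 008B3794
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 008B61FC
• SendMessageW.USER32(?,00000194,00000000,00000000), ref: 008B6225
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0089CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0089CDA6
"""

# One report line: optional bullet, optional "Part of subcall function XXXXXXXX:",
# then Api.MODULE(args), ref: address. Args are 8-hex-digit values or '?'.
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Constant names from the Windows SDK headers, keyed by (API, argument index).
WINDOW_MESSAGES = {0x0030: "WM_SETFONT", 0x00B1: "EM_SETSEL", 0x0194: "LB_SETHORIZONTALEXTENT"}
STOCK_OBJECTS = {17: "DEFAULT_GUI_FONT"}
SYS_COLORS = {18: "COLOR_BTNTEXT"}
INET_OPTIONS = {50: "INTERNET_OPTION_CONNECTED_STATE"}
DECODERS = {
    ("SendMessageW", 1): WINDOW_MESSAGES,
    ("GetStockObject", 0): STOCK_OBJECTS,
    ("GetSysColor", 0): SYS_COLORS,
    ("InternetSetOptionW", 1): INET_OPTIONS,
}

# Assumed triage heuristic: modules whose imports mean the code can talk to the network.
NETWORK_MODULES = {"WININET", "WINHTTP", "WS2_32", "URLMON"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list            # int per argument, or None where the report shows '?'
    ref: int              # call-site address from the "ref:" field
    subcall_of: Optional[int] = None
    decoded: dict = field(default_factory=dict)   # arg index -> constant name

    @property
    def is_network(self) -> bool:
        return self.module.upper() in NETWORK_MODULES


def parse_args(text: str) -> list:
    """Turn '?,000000B1,00000000' into [None, 0xB1, 0]."""
    out = []
    for tok in (text.split(",") if text else []):
        tok = tok.strip()
        out.append(None if tok == "?" else int(tok, 16))
    return out


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = LINE_RE.match(line)
    if not m:
        return None
    call = ApiCall(
        api=m["api"], module=m["mod"], args=parse_args(m["args"]),
        ref=int(m["ref"], 16),
        subcall_of=int(m["sub"], 16) if m["sub"] else None,
    )
    # Attach symbolic names for the argument positions we know how to decode.
    for (api, idx), table in DECODERS.items():
        if call.api == api and idx < len(call.args) and call.args[idx] in table:
            call.decoded[idx] = table[call.args[idx]]
    return call


def parse_report(text: str) -> list:
    return [c for c in (parse_api_line(l) for l in text.splitlines()) if c is not None]


def triage(calls: list) -> list:
    """Network-capable calls, ordered by call-site address so the sequence reads as the code runs."""
    return sorted((c for c in calls if c.is_network), key=lambda c: c.ref)


if __name__ == "__main__":
    for c in parse_report(REPORT_API_LINES):
        tag = "NET" if c.is_network else "   "
        print(f"{tag} {c.ref:08X} {c.api}.{c.module} {c.decoded or ''}")
```

Run as a script it prints every parsed call with its decoded constants and marks the two WinINet calls; `triage()` returns just those, which is the subset worth following into the disassembly first. Argument positions that the analyzer left as `?` (the `INTERNET_CONNECTED_INFO` buffer, for instance) stay `None` rather than being guessed, so the output never claims more than the report does.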
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0089CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0089CDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 942729171-4266983199
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 008B34AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008B34BA
Strings
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
APIs
• SendMessageW.USER32(?,?,?,?), ref: 008B4FCC
Strings
Similarity
• API ID: MessageSend
• String ID: pJ
• API String ID: 3850602802-3211412816
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
• CharUpperBuffW.USER32(?,?,?), ref: 00886CB6
• _wcslen.LIBCMT ref: 00886CC2
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
Strings
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: pJ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-3211412816
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 67996c9b22bc4d6d896ef10aebdd824aab5f2e2aa77810016e723d1dd77d1281
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: dee89f678c5e04ac893fec6205a80ff6cfaaf6cb3732225080a1e781548473fe
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67996c9b22bc4d6d896ef10aebdd824aab5f2e2aa77810016e723d1dd77d1281
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4113034604A04DFCB20DF28D854EA5B7E6FB99320F548259F9699B3A0C7B1E941CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00881D4C
                                                                                                                                                                                                                                                                                                                                                            Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 5ec1940cb8852b8960f46bc2eee15736a55597580dd8b9bea1af2ad55b889638
• Instruction ID: 8b445cd513807c23668fa28becf9df820a6224268b700b22751d5e03fba47881
• Opcode Fuzzy Hash: 5ec1940cb8852b8960f46bc2eee15736a55597580dd8b9bea1af2ad55b889638
• Instruction Fuzzy Hash: 6D019E75601228AB8B08BBA8DD559FE73A8FB56360F040619F862E72C1EE30590987A1
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00881C46
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 8175e6f196900c4a6ee777c7e585b36f0e7a9633e49dfe35fc406be709e4d147
• Instruction ID: 3e404fd1ba2e892d714534d059b90cbe2b17d841c75d0bb84faf8215047ba802
• Opcode Fuzzy Hash: 8175e6f196900c4a6ee777c7e585b36f0e7a9633e49dfe35fc406be709e4d147
• Instruction Fuzzy Hash: 9701D4B5A8011866CF04FB94DA559FF73ADFB12340F140029E456E3281EE209B0987B2
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00881CC8
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: f0b27b5b81d41c5d5e1ae967e6a105b089a5aef492f6072aa85ed7e60d58a934
• Instruction ID: f9c9d4ed807a2474724b3a275555bcfc7c809f120ff06c5e7aee524e63e1f9c8
• Opcode Fuzzy Hash: f0b27b5b81d41c5d5e1ae967e6a105b089a5aef492f6072aa85ed7e60d58a934
• Instruction Fuzzy Hash: 2E01A2B5A8011867CF14FBA9DA15AFE73ADFB12340F140025B842F3282EE609F098772
APIs
  • Part of subcall function 00829CB3: _wcslen.LIBCMT ref: 00829CBD
  • Part of subcall function 00883CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00883CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00881DD3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8872d9dc27bc1b59b7cdcabafcecd688239d80b40bf30d96c6b1784905a121ac
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 46ed2eebe5d8dc1c7c4280d06c42bc6119e8a7c591d43494cfbfc664b8054715
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8872d9dc27bc1b59b7cdcabafcecd688239d80b40bf30d96c6b1784905a121ac
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0EF0A4B1A4122867DB04F7A8DD56FFE776CFB02754F040929F862E32C2DE605A098361
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00839BB2
                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000002B,?,?,?,?,?,?,?,0087769C,?,?,?), ref: 008B9111
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00839944: GetWindowLongW.USER32(?,000000EB), ref: 00839952
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 008B90F7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$MessageProcSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: pJ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 982171247-3211412816
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4cffecc3588c70e59632cc8fb55a4cc5a9ebdf277e32f356f384c7f03b5180cd
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 49d48d9621485fbd512f5355a3191080eea3a6609a379c154073043a6487eca7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4cffecc3588c70e59632cc8fb55a4cc5a9ebdf277e32f356f384c7f03b5180cd
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2001B130200218EBDB219F28DC49FA67BA6FB85365F100168FA919A3E1C7726801DB61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b5470d66c2f3b57e0382fde06b86386a9c155be9882352de3a85efc2b4fd1353
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0ac09dc48ea09b80e603cffed52da8084071a1521be2f81a3bd59c1a7711c9b7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b5470d66c2f3b57e0382fde06b86386a9c155be9882352de3a85efc2b4fd1353
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AE02B0221622010E231127E9CC1A7F5F8DFFCF750710282BFA81C2276EE948D92B3A6
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00880B23
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: 5956843bc5487cf497c746f4a8d3b183879cb6eb1771ea7022e44bcb7f5e0ca6
• Instruction ID: d91b28166b0bd6b495e3ba78a487e4400069b8f9889806d0735f5d9e15f68380
• Opcode Fuzzy Hash: 5956843bc5487cf497c746f4a8d3b183879cb6eb1771ea7022e44bcb7f5e0ca6
• Instruction Fuzzy Hash: AAE048322843582BD21436997C07FC9BF84FF05B65F100426FB98D96D38AE1649056EA
APIs
  • Part of subcall function 0083F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00840D71,?,?,?,0082100A), ref: 0083F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0082100A), ref: 00840D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0082100A), ref: 00840D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00840D7F
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: 7911cde9b977f91601b4dcabab3c37ce19af9f86804670f50c745c7bd6c7f93a
• Instruction ID: d5f0e3309d52160647f70587520ad56b87147e71f048cff644b578cfd1c12a6b
• Opcode Fuzzy Hash: 7911cde9b977f91601b4dcabab3c37ce19af9f86804670f50c745c7bd6c7f93a
• Instruction Fuzzy Hash: 3DE0ED746007518BD7609FBCE8487577BE4FF04744F004A2DE696C6752DBB5E4488FA1
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0089302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00893044
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: a7f808704a4f461f9186809402f1a9b486abe6c1ba7008f496a8dfbccce67b50
• Instruction ID: 9e57274a449e183c4b5b34e61760ed134b106ed9a64024cf272629444f85d975
• Opcode Fuzzy Hash: a7f808704a4f461f9186809402f1a9b486abe6c1ba7008f496a8dfbccce67b50
• Instruction Fuzzy Hash: 05D05E7290032867DA20A7A5AC0EFCB3B6CEB05750F0002A1B755E2091EAB49984CBE0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_820000_file.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: e4e8bc8adf7b33b66f4704b0cd680829af33ee8db0099a137a4812f53ae58d14
• Instruction ID: 1d45eaf7ef52c448fb3b19089c05e74412217afc4fc739756251175e7971657f
• Opcode Fuzzy Hash: e4e8bc8adf7b33b66f4704b0cd680829af33ee8db0099a137a4812f53ae58d14
• Instruction Fuzzy Hash: FFD012A1C1830CEACF9096D0DC458B9B37CFF58305F90C452F90AE1046D624E50967A1
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008B232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 008B233F
  • Part of subcall function 0088E97B: Sleep.KERNEL32 ref: 0088E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 252f528e9ea8276b4a21d1d7d58d52d8c19681df5283bbf8c88b3d87a0dec883
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6e2c4fae4359e7b272907ced3782c1e27ec842b36aa068a63da3f632ac55302a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 252f528e9ea8276b4a21d1d7d58d52d8c19681df5283bbf8c88b3d87a0dec883
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6D0A932380300B6E2A4BB309C0FFD66B04BB10B00F004A06B295EA1D0D8E0A8018A00
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008B236C
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000), ref: 008B2373
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0088E97B: Sleep.KERNEL32 ref: 0088E9F3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2f55f05371fefa6f6ab674e97ad9003c9cc1bee8f35ebbce59ef43b0b40d5ab9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6cbdbcb68faf16da463f0ef09c94f7a40fdb0a1af8595fbc952368aad6f893d7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f55f05371fefa6f6ab674e97ad9003c9cc1bee8f35ebbce59ef43b0b40d5ab9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DCD0C9323C13517AE6A4BB719C4FFD66B14BB15B10F004A16B695EA1D0D9E4A8418A54
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0085BE93
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0085BEA1
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0085BEFC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2257583618.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257493099.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257744420.00000000008E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257881173.00000000008EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2257924550.00000000008F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_820000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e57527599d0df0760ed90ed7262210d8a6d8a99735ba989fae5ea852463e4d53
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 65b62f49b95b8bd6952023ff24254be5dbbce39a005a691a67ddc6c39acf0f25
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e57527599d0df0760ed90ed7262210d8a6d8a99735ba989fae5ea852463e4d53
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B41D43460021AAFCF218FA9CC45ABABBA5FF61312F144169FD59D71A1DF308D09CB61

Execution Graph

Execution Coverage: 0.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 100%
Total number of Nodes: 6
Total number of Limit Nodes: 0
execution_graph 5008 1d32a1daef2 5009 1d32a1daf49 NtQuerySystemInformation 5008->5009 5010 1d32a1d92c4 5008->5010 5009->5010 5005 1d32a1d24b7 5006 1d32a1d24c7 NtQuerySystemInformation 5005->5006 5007 1d32a1d2464 5006->5007

Callgraph

APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.3451052159.000001D32A1D8000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001D32A1D8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_1d32a1d8000_firefox.jbxd
Similarity
• API ID: InformationQuerySystem
• String ID: #$#$#$4$>$>$>$A$z$z
• API String ID: 3562636166-3072146587
• Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
• Instruction ID: 828f13c3d345ca02227770bfe76ba8fe38e0a4823ed8804634efcd2fcace2025
• Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
• Instruction Fuzzy Hash: 1CA3D731A18E498BDB2DDF18DC866EA73D5FB94311F14422ED94BC7295DE34EA02CAC1